homelab/traefik
1
0
Fork 0
Code Activity
traefik/integration/fixtures/knative/00-knative-crd-v1.19.0.yml
idurgakalyan 13bcdebc89
Add Knative provider
2025-10-08 09:32:05 +01:00

6692 lines
400 KiB
YAML
Raw Blame History

# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: certificates.networking.internal.knative.dev
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: networking
app.kubernetes.io/version: "1.19.0"
knative.dev/crd-install: "true"
spec:
group: networking.internal.knative.dev
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
description: |-
Certificate is responsible for provisioning a SSL certificate for the
given hosts. It is a Knative abstraction for various SSL certificate
provisioning solutions (such as cert-manager or self-signed SSL certificate).
type: object
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Spec is the desired state of the Certificate.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
required:
- dnsNames
- secretName
properties:
dnsNames:
description: |-
DNSNames is a list of DNS names the Certificate could support.
The wildcard format of DNSNames (e.g. *.default.example.com) is supported.
type: array
items:
type: string
domain:
description: Domain is the top level domain of the values for DNSNames.
type: string
secretName:
description: SecretName is the name of the secret resource to store the SSL certificate in.
type: string
status:
description: |-
Status is the current state of the Certificate.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
properties:
annotations:
description: |-
Annotations is additional Status fields for the Resource to save some
additional State as well as convey more information to the user. This is
roughly akin to Annotations on any k8s resource, just the reconciler conveying
richer information outwards.
type: object
additionalProperties:
type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
description: |-
Condition defines a readiness condition for a Knative resource.
See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time the condition transitioned from one status to another.
We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
severity:
description: |-
Severity with which to treat failures of this type of condition.
When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
http01Challenges:
description: |-
HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled
in order to get the TLS certificate..
type: array
items:
description: |-
HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs
to fulfill.
type: object
properties:
serviceName:
description: ServiceName is the name of the service to serve HTTP01 challenge requests.
type: string
serviceNamespace:
description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests.
type: string
servicePort:
description: ServicePort is the port of the service to serve HTTP01 challenge requests.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
url:
description: URL is the URL that the HTTP01 challenge is expected to serve on.
type: string
notAfter:
description: |-
The expiration time of the TLS certificate stored in the secret named
by this resource in spec.secretName.
type: string
format: date-time
observedGeneration:
description: |-
ObservedGeneration is the 'Generation' of the Service that
was last processed by the controller.
type: integer
format: int64
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
names:
kind: Certificate
plural: certificates
singular: certificate
categories:
- knative-internal
- networking
shortNames:
- kcert
scope: Namespaced
---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: configurations.serving.knative.dev
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.19.0"
knative.dev/crd-install: "true"
duck.knative.dev/podspecable: "true"
spec:
group: serving.knative.dev
names:
kind: Configuration
plural: configurations
singular: configuration
categories:
- all
- knative
- serving
shortNames:
- config
- cfg
scope: Namespaced
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- name: LatestCreated
type: string
jsonPath: .status.latestCreatedRevisionName
- name: LatestReady
type: string
jsonPath: .status.latestReadyRevisionName
- name: Ready
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
schema:
openAPIV3Schema:
description: |-
Configuration represents the "floating HEAD" of a linear history of Revisions.
Users create new Revisions by updating the Configuration's spec.
The "latest created" revision's name is available under status, as is the
"latest ready" revision's name.
See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration
type: object
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ConfigurationSpec holds the desired state of the Configuration (from the client).
type: object
properties:
template:
description: Template holds the latest specification for the Revision to be stamped out.
type: object
properties:
metadata:
type: object
properties:
annotations:
type: object
additionalProperties:
type: string
finalizers:
type: array
items:
type: string
labels:
type: object
additionalProperties:
type: string
name:
type: string
namespace:
type: string
x-kubernetes-preserve-unknown-fields: true
spec:
description: RevisionSpec holds the desired state of the Revision (from the client).
type: object
required:
- containers
properties:
affinity:
description: This is accessible behind a feature flag - kubernetes.podspec-affinity
type: object
x-kubernetes-preserve-unknown-fields: true
automountServiceAccountToken:
description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
type: boolean
containerConcurrency:
description: |-
ContainerConcurrency specifies the maximum allowed in-flight (concurrent)
requests per container of the Revision. Defaults to `0` which means
concurrency to the application is not limited, and the system decides the
target concurrency for the autoscaler.
type: integer
format: int64
containers:
description: |-
List of containers belonging to the pod.
Containers cannot currently be added or removed.
There must be at least one container in a Pod.
Cannot be updated.
type: array
items:
description: A single application container that you want to run within a pod.
type: object
properties:
args:
description: |-
Arguments to the entrypoint.
The container image's CMD is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: array
items:
type: string
x-kubernetes-list-type: atomic
command:
description: |-
Entrypoint array. Not executed within a shell.
The container image's ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: array
items:
type: string
x-kubernetes-list-type: atomic
env:
description: |-
List of environment variables to set in the container.
Cannot be updated.
type: array
items:
description: EnvVar represents an environment variable present in a Container.
type: object
required:
- name
properties:
name:
description: Name of the environment variable. Must be a C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value. Cannot be used if value is not empty.
type: object
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
type: object
required:
- key
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: Specify whether the ConfigMap or its key must be defined
type: boolean
x-kubernetes-map-type: atomic
fieldRef:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-fieldref
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
resourceFieldRef:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-fieldref
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
secretKeyRef:
description: Selects a key of a secret in the pod's namespace
type: object
required:
- key
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
x-kubernetes-map-type: atomic
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
envFrom:
description: |-
List of sources to populate environment variables in the container.
The keys defined within a source must be a C_IDENTIFIER. All invalid keys
will be reported as an event when the container is starting. When a key exists in multiple
sources, the value associated with the last source will take precedence.
Values defined by an Env with a duplicate key will take precedence.
Cannot be updated.
type: array
items:
description: EnvFromSource represents the source of a set of ConfigMaps or Secrets
type: object
properties:
configMapRef:
description: The ConfigMap to select from
type: object
properties:
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: Specify whether the ConfigMap must be defined
type: boolean
x-kubernetes-map-type: atomic
prefix:
description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
type: object
properties:
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: Specify whether the Secret must be defined
type: boolean
x-kubernetes-map-type: atomic
x-kubernetes-list-type: atomic
image:
description: |-
Container image name.
More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
type: string
imagePullPolicy:
description: |-
Image pull policy.
One of Always, Never, IfNotPresent.
Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
type: string
livenessProbe:
description: |-
Periodic probe of container liveness.
Container will be restarted if the probe fails.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: object
properties:
exec:
description: Exec specifies a command to execute in the container.
type: object
properties:
command:
description: |-
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: array
items:
type: string
x-kubernetes-list-type: atomic
failureThreshold:
description: |-
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
type: integer
format: int32
grpc:
description: GRPC specifies a GRPC HealthCheckRequest.
type: object
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
type: integer
format: int32
service:
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies an HTTP GET request to perform.
type: object
properties:
host:
description: |-
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP allows repeated headers.
type: array
items:
description: HTTPHeader describes a custom header to be used in HTTP probes
type: object
required:
- name
- value
properties:
name:
description: |-
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
x-kubernetes-list-type: atomic
path:
description: Path to access on the HTTP server.
type: string
port:
description: |-
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
description: |-
Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
initialDelaySeconds:
description: |-
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
periodSeconds:
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
description: |-
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
type: integer
format: int32
tcpSocket:
description: TCPSocket specifies a connection to a TCP port.
type: object
properties:
host:
description: 'Optional: Host name to connect to, defaults to the pod IP.'
type: string
port:
description: |-
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
timeoutSeconds:
description: |-
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
name:
description: |-
Name of the container specified as a DNS_LABEL.
Each container in a pod must have a unique name (DNS_LABEL).
Cannot be updated.
type: string
ports:
description: |-
List of ports to expose from the container. Not specifying a port here
DOES NOT prevent that port from being exposed. Any port which is
listening on the default "0.0.0.0" address inside a container will be
accessible from the network.
Modifying this array with strategic merge patch may corrupt the data.
For more information See https://github.com/kubernetes/kubernetes/issues/108255.
Cannot be updated.
type: array
items:
description: ContainerPort represents a network port in a single container.
type: object
properties:
containerPort:
description: |-
Number of port to expose on the pod's IP address.
This must be a valid port number, 0 < x < 65536.
type: integer
format: int32
name:
description: |-
If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
type: string
protocol:
description: |-
Protocol for port. Must be UDP, TCP, or SCTP.
Defaults to "TCP".
type: string
default: TCP
readinessProbe:
description: |-
Periodic probe of container service readiness.
Container will be removed from service endpoints if the probe fails.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: object
properties:
exec:
description: Exec specifies a command to execute in the container.
type: object
properties:
command:
description: |-
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: array
items:
type: string
x-kubernetes-list-type: atomic
failureThreshold:
description: |-
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
type: integer
format: int32
grpc:
description: GRPC specifies a GRPC HealthCheckRequest.
type: object
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
type: integer
format: int32
service:
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies an HTTP GET request to perform.
type: object
properties:
host:
description: |-
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP allows repeated headers.
type: array
items:
description: HTTPHeader describes a custom header to be used in HTTP probes
type: object
required:
- name
- value
properties:
name:
description: |-
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
x-kubernetes-list-type: atomic
path:
description: Path to access on the HTTP server.
type: string
port:
description: |-
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
description: |-
Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
initialDelaySeconds:
description: |-
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
periodSeconds:
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
description: |-
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
type: integer
format: int32
tcpSocket:
description: TCPSocket specifies a connection to a TCP port.
type: object
properties:
host:
description: 'Optional: Host name to connect to, defaults to the pod IP.'
type: string
port:
description: |-
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
timeoutSeconds:
description: |-
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
resources:
description: |-
Compute Resources required by this container.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
properties:
limits:
description: |-
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
additionalProperties:
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
requests:
description: |-
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
additionalProperties:
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
securityContext:
description: |-
SecurityContext defines the security options the container should be run with.
If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
type: object
properties:
allowPrivilegeEscalation:
description: |-
AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if
the no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is:
1) run as Privileged
2) has CAP_SYS_ADMIN
Note that this field cannot be set when spec.os.name is windows.
type: boolean
capabilities:
description: |-
The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by the container runtime.
Note that this field cannot be set when spec.os.name is windows.
type: object
properties:
add:
description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities
type: array
items:
description: Capability represent POSIX capabilities type
type: string
x-kubernetes-list-type: atomic
drop:
description: Removed capabilities
type: array
items:
description: Capability represent POSIX capabilities type
type: string
x-kubernetes-list-type: atomic
privileged:
description: |-
Run container in privileged mode. This can only be set to explicitly to 'false'
type: boolean
readOnlyRootFilesystem:
description: |-
Whether this container has a read-only root filesystem.
Default is false.
Note that this field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: |-
The GID to run the entrypoint of the container process.
Uses runtime default if unset.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.
type: integer
format: int64
runAsNonRoot:
description: |-
Indicates that the container must run as a non-root user.
If true, the Kubelet will validate the image at runtime to ensure that it
does not run as UID 0 (root) and fail to start the container if it does.
If unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
description: |-
The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.
type: integer
format: int64
seccompProfile:
description: |-
The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options
override the pod options.
Note that this field cannot be set when spec.os.name is windows.
type: object
required:
- type
properties:
localhostProfile:
description: |-
localhostProfile indicates a profile defined in a file on the node should be used.
The profile must be preconfigured on the node to work.
Must be a descending path, relative to the kubelet's configured seccomp profile location.
Must be set if type is "Localhost". Must NOT be set for any other type.
type: string
type:
description: |-
type indicates which kind of seccomp profile will be applied.
Valid options are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
type: string
startupProbe:
description: |-
StartupProbe indicates that the Pod has successfully initialized.
If specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
when it might take a long time to load data or warm a cache, than during steady-state operation.
This cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: object
properties:
exec:
description: Exec specifies a command to execute in the container.
type: object
properties:
command:
description: |-
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: array
items:
type: string
x-kubernetes-list-type: atomic
failureThreshold:
description: |-
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
type: integer
format: int32
grpc:
description: GRPC specifies a GRPC HealthCheckRequest.
type: object
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
type: integer
format: int32
service:
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies an HTTP GET request to perform.
type: object
properties:
host:
description: |-
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP allows repeated headers.
type: array
items:
description: HTTPHeader describes a custom header to be used in HTTP probes
type: object
required:
- name
- value
properties:
name:
description: |-
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
x-kubernetes-list-type: atomic
path:
description: Path to access on the HTTP server.
type: string
port:
description: |-
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
description: |-
Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
initialDelaySeconds:
description: |-
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
periodSeconds:
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
description: |-
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
type: integer
format: int32
tcpSocket:
description: TCPSocket specifies a connection to a TCP port.
type: object
properties:
host:
description: 'Optional: Host name to connect to, defaults to the pod IP.'
type: string
port:
description: |-
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
timeoutSeconds:
description: |-
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
terminationMessagePath:
description: |-
Optional: Path at which the file to which the container's termination message
will be written is mounted into the container's filesystem.
Message written is intended to be brief final status, such as an assertion failure message.
Will be truncated by the node if greater than 4096 bytes. The total message length across
all containers will be limited to 12kb.
Defaults to /dev/termination-log.
Cannot be updated.
type: string
terminationMessagePolicy:
description: |-
Indicate how the termination message should be populated. File will use the contents of
terminationMessagePath to populate the container status message on both success and failure.
FallbackToLogsOnError will use the last chunk of container log output if the termination
message file is empty and the container exited with an error.
The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
Defaults to File.
Cannot be updated.
type: string
volumeMounts:
description: |-
Pod volumes to mount into the container's filesystem.
Cannot be updated.
type: array
items:
description: VolumeMount describes a mounting of a Volume within a container.
type: object
required:
- mountPath
- name
properties:
mountPath:
description: |-
Path within the container at which the volume should be mounted. Must
not contain ':'.
type: string
mountPropagation:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: |-
Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
type: boolean
subPath:
description: |-
Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
type: string
x-kubernetes-list-map-keys:
- mountPath
x-kubernetes-list-type: map
workingDir:
description: |-
Container's working directory.
If not specified, the container runtime's default will be used, which
might be configured in the container image.
Cannot be updated.
type: string
dnsConfig:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
type: object
x-kubernetes-preserve-unknown-fields: true
dnsPolicy:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-dnspolicy
type: string
enableServiceLinks:
description: |-
EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.
type: boolean
hostAliases:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostaliases
type: array
items:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostaliases
type: object
x-kubernetes-preserve-unknown-fields: true
hostIPC:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostipc
type: boolean
hostNetwork:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
type: boolean
hostPID:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostpid
type: boolean
idleTimeoutSeconds:
description: |-
IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed
to stay open while not receiving any bytes from the user's application. If
unspecified, a system default will be provided.
type: integer
format: int64
imagePullSecrets:
description: |-
ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
If specified, these secrets will be passed to individual puller implementations for them to use.
More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
type: array
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
type: object
properties:
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
x-kubernetes-map-type: atomic
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
initContainers:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-init-containers
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-init-containers
type: object
x-kubernetes-preserve-unknown-fields: true
nodeSelector:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-nodeselector
type: object
additionalProperties:
type: string
x-kubernetes-map-type: atomic
priorityClassName:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-priorityclassname
type: string
responseStartTimeoutSeconds:
description: |-
ResponseStartTimeoutSeconds is the maximum duration in seconds that the request
routing layer will wait for a request delivered to a container to begin
sending any network traffic.
type: integer
format: int64
runtimeClassName:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname
type: string
schedulerName:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-schedulername
type: string
securityContext:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-securitycontext
type: object
x-kubernetes-preserve-unknown-fields: true
serviceAccountName:
description: |-
ServiceAccountName is the name of the ServiceAccount to use to run this pod.
More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
type: string
shareProcessNamespace:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace
type: boolean
timeoutSeconds:
description: |-
TimeoutSeconds is the maximum duration in seconds that the request instance
is allowed to respond to a request. If unspecified, a system default will
be provided.
type: integer
format: int64
tolerations:
description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
type: array
items:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-tolerations
type: object
x-kubernetes-preserve-unknown-fields: true
topologySpreadConstraints:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
type: object
x-kubernetes-preserve-unknown-fields: true
volumes:
description: |-
List of volumes that can be mounted by containers belonging to the pod.
More info: https://kubernetes.io/docs/concepts/storage/volumes
type: array
items:
description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
type: object
required:
- name
properties:
configMap:
description: configMap represents a configMap that should populate this volume
type: object
properties:
defaultMode:
description: |-
defaultMode is optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
Defaults to 0644.
Directories within the path are not affected by this setting.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
items:
description: |-
items if unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the ConfigMap,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
type: object
required:
- key
- path
properties:
key:
description: key is the key to project.
type: string
mode:
description: |-
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: |-
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.
type: string
x-kubernetes-list-type: atomic
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: optional specify whether the ConfigMap or its keys must be defined
type: boolean
x-kubernetes-map-type: atomic
csi:
description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi
type: object
x-kubernetes-preserve-unknown-fields: true
emptyDir:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir
type: object
x-kubernetes-preserve-unknown-fields: true
hostPath:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath
type: object
x-kubernetes-preserve-unknown-fields: true
image:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-image
type: object
x-kubernetes-preserve-unknown-fields: true
name:
description: |-
name of the volume.
Must be a DNS_LABEL and unique within the pod.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
persistentVolumeClaim:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
type: object
x-kubernetes-preserve-unknown-fields: true
projected:
description: projected items for all in one resources secrets, configmaps, and downward API
type: object
properties:
defaultMode:
description: |-
defaultMode are the mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
Directories within the path are not affected by this setting.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
sources:
description: |-
sources is the list of volume projections. Each entry in this list
handles one source.
type: array
items:
description: |-
Projection that may be projected along with other supported volume types.
Exactly one of these fields must be set.
type: object
properties:
configMap:
description: configMap information about the configMap data to project
type: object
properties:
items:
description: |-
items if unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the ConfigMap,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
type: object
required:
- key
- path
properties:
key:
description: key is the key to project.
type: string
mode:
description: |-
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: |-
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.
type: string
x-kubernetes-list-type: atomic
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: optional specify whether the ConfigMap or its keys must be defined
type: boolean
x-kubernetes-map-type: atomic
downwardAPI:
description: downwardAPI information about the downwardAPI data to project
type: object
properties:
items:
description: Items is a list of DownwardAPIVolume file
type: array
items:
description: DownwardAPIVolumeFile represents information to create the file containing the pod field
type: object
required:
- path
properties:
fieldRef:
description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.'
type: object
required:
- fieldPath
properties:
apiVersion:
description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the specified API version.
type: string
x-kubernetes-map-type: atomic
mode:
description: |-
Optional: mode bits used to set permissions on this file, must be an octal value
between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
type: string
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
type: object
required:
- resource
properties:
containerName:
description: 'Container name: required for volumes, optional for env vars'
type: string
divisor:
description: Specifies the output format of the exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
x-kubernetes-map-type: atomic
x-kubernetes-list-type: atomic
secret:
description: secret information about the secret data to project
type: object
properties:
items:
description: |-
items if unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the Secret,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
type: object
required:
- key
- path
properties:
key:
description: key is the key to project.
type: string
mode:
description: |-
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: |-
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.
type: string
x-kubernetes-list-type: atomic
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: optional field specify whether the Secret or its key must be defined
type: boolean
x-kubernetes-map-type: atomic
serviceAccountToken:
description: serviceAccountToken is information about the serviceAccountToken data to project
type: object
required:
- path
properties:
audience:
description: |-
audience is the intended audience of the token. A recipient of a token
must identify itself with an identifier specified in the audience of the
token, and otherwise should reject the token. The audience defaults to the
identifier of the apiserver.
type: string
expirationSeconds:
description: |-
expirationSeconds is the requested duration of validity of the service
account token. As the token approaches expiration, the kubelet volume
plugin will proactively rotate the service account token. The kubelet will
start trying to rotate the token if the token is older than 80 percent of
its time to live or if the token is older than 24 hours.Defaults to 1 hour
and must be at least 10 minutes.
type: integer
format: int64
path:
description: |-
path is the path relative to the mount point of the file to project the
token into.
type: string
x-kubernetes-list-type: atomic
secret:
description: |-
secret represents a secret that should populate this volume.
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
type: object
properties:
defaultMode:
description: |-
defaultMode is Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Defaults to 0644.
Directories within the path are not affected by this setting.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
items:
description: |-
items If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the Secret,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
type: object
required:
- key
- path
properties:
key:
description: key is the key to project.
type: string
mode:
description: |-
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: |-
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.
type: string
x-kubernetes-list-type: atomic
optional:
description: optional field specify whether the Secret or its keys must be defined
type: boolean
secretName:
description: |-
secretName is the name of the secret in the pod's namespace to use.
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
type: string
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
status:
description: ConfigurationStatus communicates the observed state of the Configuration (from the controller).
type: object
properties:
annotations:
description: |-
Annotations is additional Status fields for the Resource to save some
additional State as well as convey more information to the user. This is
roughly akin to Annotations on any k8s resource, just the reconciler conveying
richer information outwards.
type: object
additionalProperties:
type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
description: |-
Condition defines a readiness condition for a Knative resource.
See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time the condition transitioned from one status to another.
We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
severity:
description: |-
Severity with which to treat failures of this type of condition.
When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
latestCreatedRevisionName:
description: |-
LatestCreatedRevisionName is the last revision that was created from this
Configuration. It might not be ready yet, for that use LatestReadyRevisionName.
type: string
latestReadyRevisionName:
description: |-
LatestReadyRevisionName holds the name of the latest Revision stamped out
from this Configuration that has had its "Ready" condition become "True".
type: string
observedGeneration:
description: |-
ObservedGeneration is the 'Generation' of the Service that
was last processed by the controller.
type: integer
format: int64
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterdomainclaims.networking.internal.knative.dev
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: networking
app.kubernetes.io/version: "1.19.0"
knative.dev/crd-install: "true"
spec:
group: networking.internal.knative.dev
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name.
type: object
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Spec is the desired state of the ClusterDomainClaim.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
required:
- namespace
properties:
namespace:
description: |-
Namespace is the namespace which is allowed to create a DomainMapping
using this ClusterDomainClaim's name.
type: string
names:
kind: ClusterDomainClaim
plural: clusterdomainclaims
singular: clusterdomainclaim
categories:
- knative-internal
- networking
shortNames:
- cdc
scope: Cluster
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: domainmappings.serving.knative.dev
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.19.0"
knative.dev/crd-install: "true"
spec:
group: serving.knative.dev
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- name: URL
type: string
jsonPath: .status.url
- name: Ready
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
"schema":
"openAPIV3Schema":
description: DomainMapping is a mapping from a custom hostname to an Addressable.
type: object
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Spec is the desired state of the DomainMapping.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
required:
- ref
properties:
ref:
description: |-
Ref specifies the target of the Domain Mapping.
The object identified by the Ref must be an Addressable with a URL of the
form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain,
and `{name}` and `{namespace}` are the name and namespace of a Kubernetes
Service.
This contract is satisfied by Knative types such as Knative Services and
Knative Routes, and by Kubernetes Services.
type: object
required:
- kind
- name
properties:
address:
description: Address points to a specific Address Name.
type: string
apiVersion:
description: API version of the referent.
type: string
group:
description: |-
Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup.
Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
This is optional field, it gets defaulted to the object holding it if left out.
type: string
tls:
description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret.
type: object
required:
- secretName
properties:
secretName:
description: SecretName is the name of the existing secret used to terminate TLS traffic.
type: string
status:
description: |-
Status is the current state of the DomainMapping.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
properties:
address:
description: Address holds the information needed for a DomainMapping to be the target of an event.
type: object
properties:
CACerts:
description: |-
CACerts is the Certification Authority (CA) certificates in PEM format
according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
audience:
description: Audience is the OIDC audience for this address.
type: string
name:
description: Name is the name of the address.
type: string
url:
type: string
annotations:
description: |-
Annotations is additional Status fields for the Resource to save some
additional State as well as convey more information to the user. This is
roughly akin to Annotations on any k8s resource, just the reconciler conveying
richer information outwards.
type: object
additionalProperties:
type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
description: |-
Condition defines a readiness condition for a Knative resource.
See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time the condition transitioned from one status to another.
We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
severity:
description: |-
Severity with which to treat failures of this type of condition.
When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
observedGeneration:
description: |-
ObservedGeneration is the 'Generation' of the Service that
was last processed by the controller.
type: integer
format: int64
url:
description: URL is the URL of this DomainMapping.
type: string
names:
kind: DomainMapping
plural: domainmappings
singular: domainmapping
categories:
- all
- knative
- serving
shortNames:
- dm
scope: Namespaced
---
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: ingresses.networking.internal.knative.dev
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: networking
app.kubernetes.io/version: "1.19.0"
knative.dev/crd-install: "true"
spec:
group: networking.internal.knative.dev
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
description: |-
Ingress is a collection of rules that allow inbound connections to reach the endpoints defined
by a backend. An Ingress can be configured to give services externally-reachable URLs, load
balance traffic, offer name based virtual hosting, etc.
This is heavily based on K8s Ingress https://godoc.org/k8s.io/api/networking/v1beta1#Ingress
which some highlighted modifications.
type: object
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Spec is the desired state of the Ingress.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
properties:
httpOption:
description: |-
HTTPOption is the option of HTTP. It has the following two values:
`HTTPOptionEnabled`, `HTTPOptionRedirected`
type: string
rules:
description: A list of host rules used to configure the Ingress.
type: array
items:
description: |-
IngressRule represents the rules mapping the paths under a specified host to
the related backend services. Incoming requests are first evaluated for a host
match, then routed to the backend associated with the matching IngressRuleValue.
type: object
properties:
hosts:
description: |-
Host is the fully qualified domain name of a network host, as defined
by RFC 3986. Note the following deviations from the "host" part of the
URI as defined in the RFC:
1. IPs are not allowed. Currently a rule value can only apply to the
IP in the Spec of the parent .
2. The `:` delimiter is not respected because ports are not allowed.
Currently the port of an Ingress is implicitly :80 for http and
:443 for https.
Both these may change in the future.
If the host is unspecified, the Ingress routes all traffic based on the
specified IngressRuleValue.
If multiple matching Hosts were provided, the first rule will take precedent.
type: array
items:
type: string
http:
description: |-
HTTP represents a rule to apply against incoming requests. If the
rule is satisfied, the request is routed to the specified backend.
type: object
required:
- paths
properties:
paths:
description: |-
A collection of paths that map requests to backends.
If they are multiple matching paths, the first match takes precedence.
type: array
items:
description: |-
HTTPIngressPath associates a path regex with a backend. Incoming URLs matching
the path are forwarded to the backend.
type: object
required:
- splits
properties:
appendHeaders:
description: |-
AppendHeaders allow specifying additional HTTP headers to add
before forwarding a request to the destination service.
NOTE: This differs from K8s Ingress which doesn't allow header appending.
type: object
additionalProperties:
type: string
headers:
description: |-
Headers defines header matching rules which is a map from a header name
to HeaderMatch which specify a matching condition.
When a request matched with all the header matching rules,
the request is routed by the corresponding ingress rule.
If it is empty, the headers are not used for matching
type: object
additionalProperties:
description: |-
HeaderMatch represents a matching value of Headers in HTTPIngressPath.
Currently, only the exact matching is supported.
type: object
required:
- exact
properties:
exact:
type: string
path:
description: |-
Path represents a literal prefix to which this rule should apply.
Currently it can contain characters disallowed from the conventional
"path" part of a URL as defined by RFC 3986. Paths must begin with
a '/'. If unspecified, the path defaults to a catch all sending
traffic to the backend.
type: string
rewriteHost:
description: |-
RewriteHost rewrites the incoming request's host header.
This field is currently experimental and not supported by all Ingress
implementations.
type: string
splits:
description: |-
Splits defines the referenced service endpoints to which the traffic
will be forwarded to.
type: array
items:
description: IngressBackendSplit describes all endpoints for a given service and port.
type: object
required:
- serviceName
- serviceNamespace
- servicePort
properties:
appendHeaders:
description: |-
AppendHeaders allow specifying additional HTTP headers to add
before forwarding a request to the destination service.
NOTE: This differs from K8s Ingress which doesn't allow header appending.
type: object
additionalProperties:
type: string
percent:
description: |-
Specifies the split percentage, a number between 0 and 100. If
only one split is specified, we default to 100.
NOTE: This differs from K8s Ingress to allow percentage split.
type: integer
serviceName:
description: Specifies the name of the referenced service.
type: string
serviceNamespace:
description: |-
Specifies the namespace of the referenced service.
NOTE: This differs from K8s Ingress to allow routing to different namespaces.
type: string
servicePort:
description: Specifies the port of the referenced service.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
visibility:
description: |-
Visibility signifies whether this rule should `ClusterLocal`. If it's not
specified then it defaults to `ExternalIP`.
type: string
tls:
description: |-
TLS configuration. Currently Ingress only supports a single TLS
port: 443. If multiple members of this list specify different hosts, they
will be multiplexed on the same port according to the hostname specified
through the SNI TLS extension, if the ingress controller fulfilling the
ingress supports SNI.
type: array
items:
description: IngressTLS describes the transport layer security associated with an Ingress.
type: object
properties:
hosts:
description: |-
Hosts is a list of hosts included in the TLS certificate. The values in
this list must match the name/s used in the tlsSecret. Defaults to the
wildcard host setting for the loadbalancer controller fulfilling this
Ingress, if left unspecified.
type: array
items:
type: string
secretName:
description: SecretName is the name of the secret used to terminate SSL traffic.
type: string
secretNamespace:
description: |-
SecretNamespace is the namespace of the secret used to terminate SSL traffic.
If not set the namespace should be assumed to be the same as the Ingress.
If set the secret should have the same namespace as the Ingress otherwise
the behaviour is undefined and not supported.
type: string
status:
description: |-
Status is the current state of the Ingress.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
properties:
annotations:
description: |-
Annotations is additional Status fields for the Resource to save some
additional State as well as convey more information to the user. This is
roughly akin to Annotations on any k8s resource, just the reconciler conveying
richer information outwards.
type: object
additionalProperties:
type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
description: |-
Condition defines a readiness condition for a Knative resource.
See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time the condition transitioned from one status to another.
We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
severity:
description: |-
Severity with which to treat failures of this type of condition.
When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
observedGeneration:
description: |-
ObservedGeneration is the 'Generation' of the Service that
was last processed by the controller.
type: integer
format: int64
privateLoadBalancer:
description: PrivateLoadBalancer contains the current status of the load-balancer.
type: object
properties:
ingress:
description: |-
Ingress is a list containing ingress points for the load-balancer.
Traffic intended for the service should be sent to these ingress points.
type: array
items:
description: |-
LoadBalancerIngressStatus represents the status of a load-balancer ingress point:
traffic intended for the service should be sent to an ingress point.
type: object
properties:
domain:
description: |-
Domain is set for load-balancer ingress points that are DNS based
(typically AWS load-balancers)
type: string
domainInternal:
description: |-
DomainInternal is set if there is a cluster-local DNS name to access the Ingress.
NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local
DNS name to allow routing in case of not having a mesh.
type: string
ip:
description: |-
IP is set for load-balancer ingress points that are IP based
(typically GCE or OpenStack load-balancers)
type: string
meshOnly:
description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh.
type: boolean
publicLoadBalancer:
description: PublicLoadBalancer contains the current status of the load-balancer.
type: object
properties:
ingress:
description: |-
Ingress is a list containing ingress points for the load-balancer.
Traffic intended for the service should be sent to these ingress points.
type: array
items:
description: |-
LoadBalancerIngressStatus represents the status of a load-balancer ingress point:
traffic intended for the service should be sent to an ingress point.
type: object
properties:
domain:
description: |-
Domain is set for load-balancer ingress points that are DNS based
(typically AWS load-balancers)
type: string
domainInternal:
description: |-
DomainInternal is set if there is a cluster-local DNS name to access the Ingress.
NOTE: This differs from K8s Ingress, since we also desire to have a cluster-local
DNS name to allow routing in case of not having a mesh.
type: string
ip:
description: |-
IP is set for load-balancer ingress points that are IP based
(typically GCE or OpenStack load-balancers)
type: string
meshOnly:
description: MeshOnly is set if the Ingress is only load-balanced through a Service mesh.
type: boolean
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
names:
kind: Ingress
plural: ingresses
singular: ingress
categories:
- knative-internal
- networking
shortNames:
- kingress
- king
scope: Namespaced
---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: metrics.autoscaling.internal.knative.dev
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.19.0"
knative.dev/crd-install: "true"
spec:
group: autoscaling.internal.knative.dev
names:
kind: Metric
plural: metrics
singular: metric
categories:
- knative-internal
- autoscaling
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
schema:
openAPIV3Schema:
description: Metric represents a resource to configure the metric collector with.
type: object
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Spec holds the desired state of the Metric (from the client).
type: object
required:
- panicWindow
- scrapeTarget
- stableWindow
properties:
panicWindow:
description: PanicWindow is the aggregation window for metrics where quick reactions are needed.
type: integer
format: int64
scrapeTarget:
description: ScrapeTarget is the K8s service that publishes the metric endpoint.
type: string
stableWindow:
description: StableWindow is the aggregation window for metrics in a stable state.
type: integer
format: int64
status:
description: Status communicates the observed state of the Metric (from the controller).
type: object
properties:
annotations:
description: |-
Annotations is additional Status fields for the Resource to save some
additional State as well as convey more information to the user. This is
roughly akin to Annotations on any k8s resource, just the reconciler conveying
richer information outwards.
type: object
additionalProperties:
type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
description: |-
Condition defines a readiness condition for a Knative resource.
See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time the condition transitioned from one status to another.
We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
severity:
description: |-
Severity with which to treat failures of this type of condition.
When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
observedGeneration:
description: |-
ObservedGeneration is the 'Generation' of the Service that
was last processed by the controller.
type: integer
format: int64
---
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: podautoscalers.autoscaling.internal.knative.dev
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.19.0"
knative.dev/crd-install: "true"
spec:
group: autoscaling.internal.knative.dev
names:
kind: PodAutoscaler
plural: podautoscalers
singular: podautoscaler
categories:
- knative-internal
- autoscaling
shortNames:
- kpa
- pa
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- name: DesiredScale
type: integer
jsonPath: ".status.desiredScale"
- name: ActualScale
type: integer
jsonPath: ".status.actualScale"
- name: Ready
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
schema:
openAPIV3Schema:
description: |-
PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative
components instantiate autoscalers. This definition is an abstraction that may be backed
by multiple definitions. For more information, see the Knative Pluggability presentation:
https://docs.google.com/presentation/d/19vW9HFZ6Puxt31biNZF3uLRejDmu82rxJIk1cWmxF7w/edit
type: object
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Spec holds the desired state of the PodAutoscaler (from the client).
type: object
required:
- protocolType
- scaleTargetRef
properties:
containerConcurrency:
description: |-
ContainerConcurrency specifies the maximum allowed
in-flight (concurrent) requests per container of the Revision.
Defaults to `0` which means unlimited concurrency.
type: integer
format: int64
protocolType:
description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec.
type: string
reachability:
description: |-
Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route).
Defaults to `ReachabilityUnknown`
type: string
scaleTargetRef:
description: |-
ScaleTargetRef defines the /scale-able resource that this PodAutoscaler
is responsible for quickly right-sizing.
type: object
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
x-kubernetes-map-type: atomic
status:
description: Status communicates the observed state of the PodAutoscaler (from the controller).
type: object
required:
- metricsServiceName
- serviceName
properties:
actualScale:
description: ActualScale shows the actual number of replicas for the revision.
type: integer
format: int32
annotations:
description: |-
Annotations is additional Status fields for the Resource to save some
additional State as well as convey more information to the user. This is
roughly akin to Annotations on any k8s resource, just the reconciler conveying
richer information outwards.
type: object
additionalProperties:
type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
description: |-
Condition defines a readiness condition for a Knative resource.
See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time the condition transitioned from one status to another.
We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
severity:
description: |-
Severity with which to treat failures of this type of condition.
When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
desiredScale:
description: DesiredScale shows the current desired number of replicas for the revision.
type: integer
format: int32
metricsServiceName:
description: |-
MetricsServiceName is the K8s Service name that provides revision metrics.
The service is managed by the PA object.
type: string
observedGeneration:
description: |-
ObservedGeneration is the 'Generation' of the Service that
was last processed by the controller.
type: integer
format: int64
serviceName:
description: |-
ServiceName is the K8s Service name that serves the revision, scaled by this PA.
The service is created and owned by the ServerlessService object owned by this PA.
type: string
---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: revisions.serving.knative.dev
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.19.0"
knative.dev/crd-install: "true"
spec:
group: serving.knative.dev
names:
kind: Revision
plural: revisions
singular: revision
categories:
- all
- knative
- serving
shortNames:
- rev
scope: Namespaced
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- name: Config Name
type: string
jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']"
- name: Generation
type: string # int in string form :(
jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']"
- name: Ready
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
- name: Actual Replicas
type: integer
jsonPath: ".status.actualReplicas"
- name: Desired Replicas
type: integer
jsonPath: ".status.desiredReplicas"
schema:
openAPIV3Schema:
description: |-
Revision is an immutable snapshot of code and configuration. A revision
references a container image. Revisions are created by updates to a
Configuration.
See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision
type: object
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: RevisionSpec holds the desired state of the Revision (from the client).
type: object
required:
- containers
properties:
affinity:
description: This is accessible behind a feature flag - kubernetes.podspec-affinity
type: object
x-kubernetes-preserve-unknown-fields: true
automountServiceAccountToken:
description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
type: boolean
containerConcurrency:
description: |-
ContainerConcurrency specifies the maximum allowed in-flight (concurrent)
requests per container of the Revision. Defaults to `0` which means
concurrency to the application is not limited, and the system decides the
target concurrency for the autoscaler.
type: integer
format: int64
containers:
description: |-
List of containers belonging to the pod.
Containers cannot currently be added or removed.
There must be at least one container in a Pod.
Cannot be updated.
type: array
items:
description: A single application container that you want to run within a pod.
type: object
properties:
args:
description: |-
Arguments to the entrypoint.
The container image's CMD is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: array
items:
type: string
x-kubernetes-list-type: atomic
command:
description: |-
Entrypoint array. Not executed within a shell.
The container image's ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: array
items:
type: string
x-kubernetes-list-type: atomic
env:
description: |-
List of environment variables to set in the container.
Cannot be updated.
type: array
items:
description: EnvVar represents an environment variable present in a Container.
type: object
required:
- name
properties:
name:
description: Name of the environment variable. Must be a C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value. Cannot be used if value is not empty.
type: object
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
type: object
required:
- key
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: Specify whether the ConfigMap or its key must be defined
type: boolean
x-kubernetes-map-type: atomic
fieldRef:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-fieldref
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
resourceFieldRef:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-fieldref
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
secretKeyRef:
description: Selects a key of a secret in the pod's namespace
type: object
required:
- key
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
x-kubernetes-map-type: atomic
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
envFrom:
description: |-
List of sources to populate environment variables in the container.
The keys defined within a source must be a C_IDENTIFIER. All invalid keys
will be reported as an event when the container is starting. When a key exists in multiple
sources, the value associated with the last source will take precedence.
Values defined by an Env with a duplicate key will take precedence.
Cannot be updated.
type: array
items:
description: EnvFromSource represents the source of a set of ConfigMaps or Secrets
type: object
properties:
configMapRef:
description: The ConfigMap to select from
type: object
properties:
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: Specify whether the ConfigMap must be defined
type: boolean
x-kubernetes-map-type: atomic
prefix:
description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
type: object
properties:
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: Specify whether the Secret must be defined
type: boolean
x-kubernetes-map-type: atomic
x-kubernetes-list-type: atomic
image:
description: |-
Container image name.
More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
type: string
imagePullPolicy:
description: |-
Image pull policy.
One of Always, Never, IfNotPresent.
Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
type: string
livenessProbe:
description: |-
Periodic probe of container liveness.
Container will be restarted if the probe fails.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: object
properties:
exec:
description: Exec specifies a command to execute in the container.
type: object
properties:
command:
description: |-
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: array
items:
type: string
x-kubernetes-list-type: atomic
failureThreshold:
description: |-
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
type: integer
format: int32
grpc:
description: GRPC specifies a GRPC HealthCheckRequest.
type: object
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
type: integer
format: int32
service:
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies an HTTP GET request to perform.
type: object
properties:
host:
description: |-
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP allows repeated headers.
type: array
items:
description: HTTPHeader describes a custom header to be used in HTTP probes
type: object
required:
- name
- value
properties:
name:
description: |-
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
x-kubernetes-list-type: atomic
path:
description: Path to access on the HTTP server.
type: string
port:
description: |-
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
description: |-
Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
initialDelaySeconds:
description: |-
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
periodSeconds:
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
description: |-
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
type: integer
format: int32
tcpSocket:
description: TCPSocket specifies a connection to a TCP port.
type: object
properties:
host:
description: 'Optional: Host name to connect to, defaults to the pod IP.'
type: string
port:
description: |-
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
timeoutSeconds:
description: |-
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
name:
description: |-
Name of the container specified as a DNS_LABEL.
Each container in a pod must have a unique name (DNS_LABEL).
Cannot be updated.
type: string
ports:
description: |-
List of ports to expose from the container. Not specifying a port here
DOES NOT prevent that port from being exposed. Any port which is
listening on the default "0.0.0.0" address inside a container will be
accessible from the network.
Modifying this array with strategic merge patch may corrupt the data.
For more information See https://github.com/kubernetes/kubernetes/issues/108255.
Cannot be updated.
type: array
items:
description: ContainerPort represents a network port in a single container.
type: object
properties:
containerPort:
description: |-
Number of port to expose on the pod's IP address.
This must be a valid port number, 0 < x < 65536.
type: integer
format: int32
name:
description: |-
If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
type: string
protocol:
description: |-
Protocol for port. Must be UDP, TCP, or SCTP.
Defaults to "TCP".
type: string
default: TCP
readinessProbe:
description: |-
Periodic probe of container service readiness.
Container will be removed from service endpoints if the probe fails.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: object
properties:
exec:
description: Exec specifies a command to execute in the container.
type: object
properties:
command:
description: |-
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: array
items:
type: string
x-kubernetes-list-type: atomic
failureThreshold:
description: |-
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
type: integer
format: int32
grpc:
description: GRPC specifies a GRPC HealthCheckRequest.
type: object
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
type: integer
format: int32
service:
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies an HTTP GET request to perform.
type: object
properties:
host:
description: |-
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP allows repeated headers.
type: array
items:
description: HTTPHeader describes a custom header to be used in HTTP probes
type: object
required:
- name
- value
properties:
name:
description: |-
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
x-kubernetes-list-type: atomic
path:
description: Path to access on the HTTP server.
type: string
port:
description: |-
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
description: |-
Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
initialDelaySeconds:
description: |-
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
periodSeconds:
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
description: |-
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
type: integer
format: int32
tcpSocket:
description: TCPSocket specifies a connection to a TCP port.
type: object
properties:
host:
description: 'Optional: Host name to connect to, defaults to the pod IP.'
type: string
port:
description: |-
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
timeoutSeconds:
description: |-
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
resources:
description: |-
Compute Resources required by this container.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
properties:
limits:
description: |-
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
additionalProperties:
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
requests:
description: |-
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
additionalProperties:
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
securityContext:
description: |-
SecurityContext defines the security options the container should be run with.
If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
type: object
properties:
allowPrivilegeEscalation:
description: |-
AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if
the no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is:
1) run as Privileged
2) has CAP_SYS_ADMIN
Note that this field cannot be set when spec.os.name is windows.
type: boolean
capabilities:
description: |-
The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by the container runtime.
Note that this field cannot be set when spec.os.name is windows.
type: object
properties:
add:
description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities
type: array
items:
description: Capability represent POSIX capabilities type
type: string
x-kubernetes-list-type: atomic
drop:
description: Removed capabilities
type: array
items:
description: Capability represent POSIX capabilities type
type: string
x-kubernetes-list-type: atomic
privileged:
description: |-
Run container in privileged mode. This can only be set to explicitly to 'false'
type: boolean
readOnlyRootFilesystem:
description: |-
Whether this container has a read-only root filesystem.
Default is false.
Note that this field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: |-
The GID to run the entrypoint of the container process.
Uses runtime default if unset.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.
type: integer
format: int64
runAsNonRoot:
description: |-
Indicates that the container must run as a non-root user.
If true, the Kubelet will validate the image at runtime to ensure that it
does not run as UID 0 (root) and fail to start the container if it does.
If unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
description: |-
The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.
type: integer
format: int64
seccompProfile:
description: |-
The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options
override the pod options.
Note that this field cannot be set when spec.os.name is windows.
type: object
required:
- type
properties:
localhostProfile:
description: |-
localhostProfile indicates a profile defined in a file on the node should be used.
The profile must be preconfigured on the node to work.
Must be a descending path, relative to the kubelet's configured seccomp profile location.
Must be set if type is "Localhost". Must NOT be set for any other type.
type: string
type:
description: |-
type indicates which kind of seccomp profile will be applied.
Valid options are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
type: string
startupProbe:
description: |-
StartupProbe indicates that the Pod has successfully initialized.
If specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
when it might take a long time to load data or warm a cache, than during steady-state operation.
This cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: object
properties:
exec:
description: Exec specifies a command to execute in the container.
type: object
properties:
command:
description: |-
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: array
items:
type: string
x-kubernetes-list-type: atomic
failureThreshold:
description: |-
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
type: integer
format: int32
grpc:
description: GRPC specifies a GRPC HealthCheckRequest.
type: object
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
type: integer
format: int32
service:
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies an HTTP GET request to perform.
type: object
properties:
host:
description: |-
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP allows repeated headers.
type: array
items:
description: HTTPHeader describes a custom header to be used in HTTP probes
type: object
required:
- name
- value
properties:
name:
description: |-
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
x-kubernetes-list-type: atomic
path:
description: Path to access on the HTTP server.
type: string
port:
description: |-
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
description: |-
Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
initialDelaySeconds:
description: |-
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
periodSeconds:
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
description: |-
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
type: integer
format: int32
tcpSocket:
description: TCPSocket specifies a connection to a TCP port.
type: object
properties:
host:
description: 'Optional: Host name to connect to, defaults to the pod IP.'
type: string
port:
description: |-
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
timeoutSeconds:
description: |-
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
terminationMessagePath:
description: |-
Optional: Path at which the file to which the container's termination message
will be written is mounted into the container's filesystem.
Message written is intended to be brief final status, such as an assertion failure message.
Will be truncated by the node if greater than 4096 bytes. The total message length across
all containers will be limited to 12kb.
Defaults to /dev/termination-log.
Cannot be updated.
type: string
terminationMessagePolicy:
description: |-
Indicate how the termination message should be populated. File will use the contents of
terminationMessagePath to populate the container status message on both success and failure.
FallbackToLogsOnError will use the last chunk of container log output if the termination
message file is empty and the container exited with an error.
The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
Defaults to File.
Cannot be updated.
type: string
volumeMounts:
description: |-
Pod volumes to mount into the container's filesystem.
Cannot be updated.
type: array
items:
description: VolumeMount describes a mounting of a Volume within a container.
type: object
required:
- mountPath
- name
properties:
mountPath:
description: |-
Path within the container at which the volume should be mounted. Must
not contain ':'.
type: string
mountPropagation:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: |-
Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
type: boolean
subPath:
description: |-
Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
type: string
x-kubernetes-list-map-keys:
- mountPath
x-kubernetes-list-type: map
workingDir:
description: |-
Container's working directory.
If not specified, the container runtime's default will be used, which
might be configured in the container image.
Cannot be updated.
type: string
dnsConfig:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
type: object
x-kubernetes-preserve-unknown-fields: true
dnsPolicy:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-dnspolicy
type: string
enableServiceLinks:
description: |-
EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.
type: boolean
hostAliases:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostaliases
type: array
items:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostaliases
type: object
x-kubernetes-preserve-unknown-fields: true
hostIPC:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostipc
type: boolean
hostNetwork:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
type: boolean
hostPID:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostpid
type: boolean
idleTimeoutSeconds:
description: |-
IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed
to stay open while not receiving any bytes from the user's application. If
unspecified, a system default will be provided.
type: integer
format: int64
imagePullSecrets:
description: |-
ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
If specified, these secrets will be passed to individual puller implementations for them to use.
More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
type: array
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
type: object
properties:
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
x-kubernetes-map-type: atomic
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
initContainers:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-init-containers
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-init-containers
type: object
x-kubernetes-preserve-unknown-fields: true
nodeSelector:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-nodeselector
type: object
additionalProperties:
type: string
x-kubernetes-map-type: atomic
priorityClassName:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-priorityclassname
type: string
responseStartTimeoutSeconds:
description: |-
ResponseStartTimeoutSeconds is the maximum duration in seconds that the request
routing layer will wait for a request delivered to a container to begin
sending any network traffic.
type: integer
format: int64
runtimeClassName:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname
type: string
schedulerName:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-schedulername
type: string
securityContext:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-securitycontext
type: object
x-kubernetes-preserve-unknown-fields: true
serviceAccountName:
description: |-
ServiceAccountName is the name of the ServiceAccount to use to run this pod.
More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
type: string
shareProcessNamespace:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace
type: boolean
timeoutSeconds:
description: |-
TimeoutSeconds is the maximum duration in seconds that the request instance
is allowed to respond to a request. If unspecified, a system default will
be provided.
type: integer
format: int64
tolerations:
description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
type: array
items:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-tolerations
type: object
x-kubernetes-preserve-unknown-fields: true
topologySpreadConstraints:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
type: object
x-kubernetes-preserve-unknown-fields: true
volumes:
description: |-
List of volumes that can be mounted by containers belonging to the pod.
More info: https://kubernetes.io/docs/concepts/storage/volumes
type: array
items:
description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
type: object
required:
- name
properties:
configMap:
description: configMap represents a configMap that should populate this volume
type: object
properties:
defaultMode:
description: |-
defaultMode is optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
Defaults to 0644.
Directories within the path are not affected by this setting.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
items:
description: |-
items if unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the ConfigMap,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
type: object
required:
- key
- path
properties:
key:
description: key is the key to project.
type: string
mode:
description: |-
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: |-
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.
type: string
x-kubernetes-list-type: atomic
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: optional specify whether the ConfigMap or its keys must be defined
type: boolean
x-kubernetes-map-type: atomic
csi:
description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi
type: object
x-kubernetes-preserve-unknown-fields: true
emptyDir:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir
type: object
x-kubernetes-preserve-unknown-fields: true
hostPath:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath
type: object
x-kubernetes-preserve-unknown-fields: true
image:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-image
type: object
x-kubernetes-preserve-unknown-fields: true
name:
description: |-
name of the volume.
Must be a DNS_LABEL and unique within the pod.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
persistentVolumeClaim:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
type: object
x-kubernetes-preserve-unknown-fields: true
projected:
description: projected items for all in one resources secrets, configmaps, and downward API
type: object
properties:
defaultMode:
description: |-
defaultMode are the mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
Directories within the path are not affected by this setting.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
sources:
description: |-
sources is the list of volume projections. Each entry in this list
handles one source.
type: array
items:
description: |-
Projection that may be projected along with other supported volume types.
Exactly one of these fields must be set.
type: object
properties:
configMap:
description: configMap information about the configMap data to project
type: object
properties:
items:
description: |-
items if unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the ConfigMap,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
type: object
required:
- key
- path
properties:
key:
description: key is the key to project.
type: string
mode:
description: |-
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: |-
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.
type: string
x-kubernetes-list-type: atomic
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: optional specify whether the ConfigMap or its keys must be defined
type: boolean
x-kubernetes-map-type: atomic
downwardAPI:
description: downwardAPI information about the downwardAPI data to project
type: object
properties:
items:
description: Items is a list of DownwardAPIVolume file
type: array
items:
description: DownwardAPIVolumeFile represents information to create the file containing the pod field
type: object
required:
- path
properties:
fieldRef:
description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.'
type: object
required:
- fieldPath
properties:
apiVersion:
description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the specified API version.
type: string
x-kubernetes-map-type: atomic
mode:
description: |-
Optional: mode bits used to set permissions on this file, must be an octal value
between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
type: string
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
type: object
required:
- resource
properties:
containerName:
description: 'Container name: required for volumes, optional for env vars'
type: string
divisor:
description: Specifies the output format of the exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
x-kubernetes-map-type: atomic
x-kubernetes-list-type: atomic
secret:
description: secret information about the secret data to project
type: object
properties:
items:
description: |-
items if unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the Secret,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
type: object
required:
- key
- path
properties:
key:
description: key is the key to project.
type: string
mode:
description: |-
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: |-
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.
type: string
x-kubernetes-list-type: atomic
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: optional field specify whether the Secret or its key must be defined
type: boolean
x-kubernetes-map-type: atomic
serviceAccountToken:
description: serviceAccountToken is information about the serviceAccountToken data to project
type: object
required:
- path
properties:
audience:
description: |-
audience is the intended audience of the token. A recipient of a token
must identify itself with an identifier specified in the audience of the
token, and otherwise should reject the token. The audience defaults to the
identifier of the apiserver.
type: string
expirationSeconds:
description: |-
expirationSeconds is the requested duration of validity of the service
account token. As the token approaches expiration, the kubelet volume
plugin will proactively rotate the service account token. The kubelet will
start trying to rotate the token if the token is older than 80 percent of
its time to live or if the token is older than 24 hours.Defaults to 1 hour
and must be at least 10 minutes.
type: integer
format: int64
path:
description: |-
path is the path relative to the mount point of the file to project the
token into.
type: string
x-kubernetes-list-type: atomic
secret:
description: |-
secret represents a secret that should populate this volume.
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
type: object
properties:
defaultMode:
description: |-
defaultMode is Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Defaults to 0644.
Directories within the path are not affected by this setting.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
items:
description: |-
items If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the Secret,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
type: object
required:
- key
- path
properties:
key:
description: key is the key to project.
type: string
mode:
description: |-
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: |-
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.
type: string
x-kubernetes-list-type: atomic
optional:
description: optional field specify whether the Secret or its keys must be defined
type: boolean
secretName:
description: |-
secretName is the name of the secret in the pod's namespace to use.
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
type: string
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
status:
description: RevisionStatus communicates the observed state of the Revision (from the controller).
type: object
properties:
actualReplicas:
description: ActualReplicas reflects the amount of ready pods running this revision.
type: integer
format: int32
annotations:
description: |-
Annotations is additional Status fields for the Resource to save some
additional State as well as convey more information to the user. This is
roughly akin to Annotations on any k8s resource, just the reconciler conveying
richer information outwards.
type: object
additionalProperties:
type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
description: |-
Condition defines a readiness condition for a Knative resource.
See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time the condition transitioned from one status to another.
We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
severity:
description: |-
Severity with which to treat failures of this type of condition.
When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
containerStatuses:
description: |-
ContainerStatuses is a slice of images present in .Spec.Container[*].Image
to their respective digests and their container name.
The digests are resolved during the creation of Revision.
ContainerStatuses holds the container name and image digests
for both serving and non serving containers.
ref: http://bit.ly/image-digests
type: array
items:
description: ContainerStatus holds the information of container name and image digest value
type: object
properties:
imageDigest:
type: string
name:
type: string
desiredReplicas:
description: DesiredReplicas reflects the desired amount of pods running this revision.
type: integer
format: int32
initContainerStatuses:
description: |-
InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image
to their respective digests and their container name.
The digests are resolved during the creation of Revision.
ContainerStatuses holds the container name and image digests
for both serving and non serving containers.
ref: http://bit.ly/image-digests
type: array
items:
description: ContainerStatus holds the information of container name and image digest value
type: object
properties:
imageDigest:
type: string
name:
type: string
logUrl:
description: |-
LogURL specifies the generated logging url for this particular revision
based on the revision url template specified in the controller's config.
type: string
observedGeneration:
description: |-
ObservedGeneration is the 'Generation' of the Service that
was last processed by the controller.
type: integer
format: int64
---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: routes.serving.knative.dev
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.19.0"
knative.dev/crd-install: "true"
duck.knative.dev/addressable: "true"
spec:
group: serving.knative.dev
names:
kind: Route
plural: routes
singular: route
categories:
- all
- knative
- serving
shortNames:
- rt
scope: Namespaced
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- name: URL
type: string
jsonPath: .status.url
- name: Ready
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
schema:
openAPIV3Schema:
description: |-
Route is responsible for configuring ingress over a collection of Revisions.
Some of the Revisions a Route distributes traffic over may be specified by
referencing the Configuration responsible for creating them; in these cases
the Route is additionally responsible for monitoring the Configuration for
"latest ready revision" changes, and smoothly rolling out latest revisions.
See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route
type: object
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Spec holds the desired state of the Route (from the client).
type: object
properties:
traffic:
description: |-
Traffic specifies how to distribute traffic over a collection of
revisions and configurations.
type: array
items:
description: TrafficTarget holds a single entry of the routing table for a Route.
type: object
properties:
configurationName:
description: |-
ConfigurationName of a configuration to whose latest revision we will send
this portion of traffic. When the "status.latestReadyRevisionName" of the
referenced configuration changes, we will automatically migrate traffic
from the prior "latest ready" revision to the new one. This field is never
set in Route's status, only its spec. This is mutually exclusive with
RevisionName.
type: string
latestRevision:
description: |-
LatestRevision may be optionally provided to indicate that the latest
ready Revision of the Configuration should be used for this traffic
target. When provided LatestRevision must be true if RevisionName is
empty; it must be false when RevisionName is non-empty.
type: boolean
percent:
description: |-
Percent indicates that percentage based routing should be used and
the value indicates the percent of traffic that is be routed to this
Revision or Configuration. `0` (zero) mean no traffic, `100` means all
traffic.
When percentage based routing is being used the follow rules apply:
- the sum of all percent values must equal 100
- when not specified, the implied value for `percent` is zero for
that particular Revision or Configuration
type: integer
format: int64
revisionName:
description: |-
RevisionName of a specific revision to which to send this portion of
traffic. This is mutually exclusive with ConfigurationName.
type: string
tag:
description: |-
Tag is optionally used to expose a dedicated url for referencing
this target exclusively.
type: string
url:
description: |-
URL displays the URL for accessing named traffic targets. URL is displayed in
status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and
a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
type: string
status:
description: Status communicates the observed state of the Route (from the controller).
type: object
properties:
address:
description: Address holds the information needed for a Route to be the target of an event.
type: object
properties:
CACerts:
description: |-
CACerts is the Certification Authority (CA) certificates in PEM format
according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
audience:
description: Audience is the OIDC audience for this address.
type: string
name:
description: Name is the name of the address.
type: string
url:
type: string
annotations:
description: |-
Annotations is additional Status fields for the Resource to save some
additional State as well as convey more information to the user. This is
roughly akin to Annotations on any k8s resource, just the reconciler conveying
richer information outwards.
type: object
additionalProperties:
type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
description: |-
Condition defines a readiness condition for a Knative resource.
See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time the condition transitioned from one status to another.
We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
severity:
description: |-
Severity with which to treat failures of this type of condition.
When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
observedGeneration:
description: |-
ObservedGeneration is the 'Generation' of the Service that
was last processed by the controller.
type: integer
format: int64
traffic:
description: |-
Traffic holds the configured traffic distribution.
These entries will always contain RevisionName references.
When ConfigurationName appears in the spec, this will hold the
LatestReadyRevisionName that we last observed.
type: array
items:
description: TrafficTarget holds a single entry of the routing table for a Route.
type: object
properties:
configurationName:
description: |-
ConfigurationName of a configuration to whose latest revision we will send
this portion of traffic. When the "status.latestReadyRevisionName" of the
referenced configuration changes, we will automatically migrate traffic
from the prior "latest ready" revision to the new one. This field is never
set in Route's status, only its spec. This is mutually exclusive with
RevisionName.
type: string
latestRevision:
description: |-
LatestRevision may be optionally provided to indicate that the latest
ready Revision of the Configuration should be used for this traffic
target. When provided LatestRevision must be true if RevisionName is
empty; it must be false when RevisionName is non-empty.
type: boolean
percent:
description: |-
Percent indicates that percentage based routing should be used and
the value indicates the percent of traffic that is be routed to this
Revision or Configuration. `0` (zero) mean no traffic, `100` means all
traffic.
When percentage based routing is being used the follow rules apply:
- the sum of all percent values must equal 100
- when not specified, the implied value for `percent` is zero for
that particular Revision or Configuration
type: integer
format: int64
revisionName:
description: |-
RevisionName of a specific revision to which to send this portion of
traffic. This is mutually exclusive with ConfigurationName.
type: string
tag:
description: |-
Tag is optionally used to expose a dedicated url for referencing
this target exclusively.
type: string
url:
description: |-
URL displays the URL for accessing named traffic targets. URL is displayed in
status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and
a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
type: string
url:
description: |-
URL holds the url that will distribute traffic over the provided traffic targets.
It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix}
type: string
---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: serverlessservices.networking.internal.knative.dev
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: networking
app.kubernetes.io/version: "1.19.0"
knative.dev/crd-install: "true"
spec:
group: networking.internal.knative.dev
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
description: |-
ServerlessService is a proxy for the K8s service objects containing the
endpoints for the revision, whether those are endpoints of the activator or
revision pods.
See: https://knative.page.link/naxz for details.
type: object
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Spec is the desired state of the ServerlessService.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
required:
- objectRef
- protocolType
properties:
mode:
description: Mode describes the mode of operation of the ServerlessService.
type: string
numActivators:
description: |-
NumActivators contains number of Activators that this revision should be
assigned.
O means — assign all.
type: integer
format: int32
objectRef:
description: |-
ObjectRef defines the resource that this ServerlessService
is responsible for making "serverless".
type: object
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
x-kubernetes-map-type: atomic
protocolType:
description: |-
The application-layer protocol. Matches `RevisionProtocolType` set on the owning pa/revision.
serving imports networking, so just use string.
type: string
status:
description: |-
Status is the current state of the ServerlessService.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
type: object
properties:
annotations:
description: |-
Annotations is additional Status fields for the Resource to save some
additional State as well as convey more information to the user. This is
roughly akin to Annotations on any k8s resource, just the reconciler conveying
richer information outwards.
type: object
additionalProperties:
type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
description: |-
Condition defines a readiness condition for a Knative resource.
See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time the condition transitioned from one status to another.
We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
severity:
description: |-
Severity with which to treat failures of this type of condition.
When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
observedGeneration:
description: |-
ObservedGeneration is the 'Generation' of the Service that
was last processed by the controller.
type: integer
format: int64
privateServiceName:
description: |-
PrivateServiceName holds the name of a core K8s Service resource that
load balances over the user service pods backing this Revision.
type: string
serviceName:
description: |-
ServiceName holds the name of a core K8s Service resource that
load balances over the pods backing this Revision (activator or revision).
type: string
additionalPrinterColumns:
- name: Mode
type: string
jsonPath: ".spec.mode"
- name: Activators
type: integer
jsonPath: ".spec.numActivators"
- name: ServiceName
type: string
jsonPath: ".status.serviceName"
- name: PrivateServiceName
type: string
jsonPath: ".status.privateServiceName"
- name: Ready
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
names:
kind: ServerlessService
plural: serverlessservices
singular: serverlessservice
categories:
- knative-internal
- networking
shortNames:
- sks
scope: Namespaced
---
# Copyright 2019 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: services.serving.knative.dev
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.19.0"
knative.dev/crd-install: "true"
duck.knative.dev/addressable: "true"
duck.knative.dev/podspecable: "true"
spec:
group: serving.knative.dev
names:
kind: Service
plural: services
singular: service
categories:
- all
- knative
- serving
shortNames:
- kservice
- ksvc
scope: Namespaced
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- name: URL
type: string
jsonPath: .status.url
- name: LatestCreated
type: string
jsonPath: .status.latestCreatedRevisionName
- name: LatestReady
type: string
jsonPath: .status.latestReadyRevisionName
- name: Ready
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
schema:
openAPIV3Schema:
description: |-
Service acts as a top-level container that manages a Route and Configuration
which implement a network service. Service exists to provide a singular
abstraction which can be access controlled, reasoned about, and which
encapsulates software lifecycle decisions such as rollout policy and
team resource ownership. Service acts only as an orchestrator of the
underlying Routes and Configurations (much as a kubernetes Deployment
orchestrates ReplicaSets), and its usage is optional but recommended.
The Service's controller will track the statuses of its owned Configuration
and Route, reflecting their statuses and conditions as its own.
See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service
type: object
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
ServiceSpec represents the configuration for the Service object.
A Service's specification is the union of the specifications for a Route
and Configuration. The Service restricts what can be expressed in these
fields, e.g. the Route must reference the provided Configuration;
however, these limitations also enable friendlier defaulting,
e.g. Route never needs a Configuration name, and may be defaulted to
the appropriate "run latest" spec.
type: object
properties:
template:
description: Template holds the latest specification for the Revision to be stamped out.
type: object
properties:
metadata:
type: object
properties:
annotations:
type: object
additionalProperties:
type: string
finalizers:
type: array
items:
type: string
labels:
type: object
additionalProperties:
type: string
name:
type: string
namespace:
type: string
x-kubernetes-preserve-unknown-fields: true
spec:
description: RevisionSpec holds the desired state of the Revision (from the client).
type: object
required:
- containers
properties:
affinity:
description: This is accessible behind a feature flag - kubernetes.podspec-affinity
type: object
x-kubernetes-preserve-unknown-fields: true
automountServiceAccountToken:
description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
type: boolean
containerConcurrency:
description: |-
ContainerConcurrency specifies the maximum allowed in-flight (concurrent)
requests per container of the Revision. Defaults to `0` which means
concurrency to the application is not limited, and the system decides the
target concurrency for the autoscaler.
type: integer
format: int64
containers:
description: |-
List of containers belonging to the pod.
Containers cannot currently be added or removed.
There must be at least one container in a Pod.
Cannot be updated.
type: array
items:
description: A single application container that you want to run within a pod.
type: object
properties:
args:
description: |-
Arguments to the entrypoint.
The container image's CMD is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: array
items:
type: string
x-kubernetes-list-type: atomic
command:
description: |-
Entrypoint array. Not executed within a shell.
The container image's ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: array
items:
type: string
x-kubernetes-list-type: atomic
env:
description: |-
List of environment variables to set in the container.
Cannot be updated.
type: array
items:
description: EnvVar represents an environment variable present in a Container.
type: object
required:
- name
properties:
name:
description: Name of the environment variable. Must be a C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value. Cannot be used if value is not empty.
type: object
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
type: object
required:
- key
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: Specify whether the ConfigMap or its key must be defined
type: boolean
x-kubernetes-map-type: atomic
fieldRef:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-fieldref
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
resourceFieldRef:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-fieldref
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
secretKeyRef:
description: Selects a key of a secret in the pod's namespace
type: object
required:
- key
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
x-kubernetes-map-type: atomic
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
envFrom:
description: |-
List of sources to populate environment variables in the container.
The keys defined within a source must be a C_IDENTIFIER. All invalid keys
will be reported as an event when the container is starting. When a key exists in multiple
sources, the value associated with the last source will take precedence.
Values defined by an Env with a duplicate key will take precedence.
Cannot be updated.
type: array
items:
description: EnvFromSource represents the source of a set of ConfigMaps or Secrets
type: object
properties:
configMapRef:
description: The ConfigMap to select from
type: object
properties:
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: Specify whether the ConfigMap must be defined
type: boolean
x-kubernetes-map-type: atomic
prefix:
description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
type: object
properties:
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: Specify whether the Secret must be defined
type: boolean
x-kubernetes-map-type: atomic
x-kubernetes-list-type: atomic
image:
description: |-
Container image name.
More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets.
type: string
imagePullPolicy:
description: |-
Image pull policy.
One of Always, Never, IfNotPresent.
Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
type: string
livenessProbe:
description: |-
Periodic probe of container liveness.
Container will be restarted if the probe fails.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: object
properties:
exec:
description: Exec specifies a command to execute in the container.
type: object
properties:
command:
description: |-
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: array
items:
type: string
x-kubernetes-list-type: atomic
failureThreshold:
description: |-
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
type: integer
format: int32
grpc:
description: GRPC specifies a GRPC HealthCheckRequest.
type: object
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
type: integer
format: int32
service:
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies an HTTP GET request to perform.
type: object
properties:
host:
description: |-
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP allows repeated headers.
type: array
items:
description: HTTPHeader describes a custom header to be used in HTTP probes
type: object
required:
- name
- value
properties:
name:
description: |-
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
x-kubernetes-list-type: atomic
path:
description: Path to access on the HTTP server.
type: string
port:
description: |-
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
description: |-
Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
initialDelaySeconds:
description: |-
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
periodSeconds:
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
description: |-
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
type: integer
format: int32
tcpSocket:
description: TCPSocket specifies a connection to a TCP port.
type: object
properties:
host:
description: 'Optional: Host name to connect to, defaults to the pod IP.'
type: string
port:
description: |-
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
timeoutSeconds:
description: |-
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
name:
description: |-
Name of the container specified as a DNS_LABEL.
Each container in a pod must have a unique name (DNS_LABEL).
Cannot be updated.
type: string
ports:
description: |-
List of ports to expose from the container. Not specifying a port here
DOES NOT prevent that port from being exposed. Any port which is
listening on the default "0.0.0.0" address inside a container will be
accessible from the network.
Modifying this array with strategic merge patch may corrupt the data.
For more information See https://github.com/kubernetes/kubernetes/issues/108255.
Cannot be updated.
type: array
items:
description: ContainerPort represents a network port in a single container.
type: object
properties:
containerPort:
description: |-
Number of port to expose on the pod's IP address.
This must be a valid port number, 0 < x < 65536.
type: integer
format: int32
name:
description: |-
If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
type: string
protocol:
description: |-
Protocol for port. Must be UDP, TCP, or SCTP.
Defaults to "TCP".
type: string
default: TCP
readinessProbe:
description: |-
Periodic probe of container service readiness.
Container will be removed from service endpoints if the probe fails.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: object
properties:
exec:
description: Exec specifies a command to execute in the container.
type: object
properties:
command:
description: |-
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: array
items:
type: string
x-kubernetes-list-type: atomic
failureThreshold:
description: |-
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
type: integer
format: int32
grpc:
description: GRPC specifies a GRPC HealthCheckRequest.
type: object
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
type: integer
format: int32
service:
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies an HTTP GET request to perform.
type: object
properties:
host:
description: |-
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP allows repeated headers.
type: array
items:
description: HTTPHeader describes a custom header to be used in HTTP probes
type: object
required:
- name
- value
properties:
name:
description: |-
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
x-kubernetes-list-type: atomic
path:
description: Path to access on the HTTP server.
type: string
port:
description: |-
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
description: |-
Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
initialDelaySeconds:
description: |-
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
periodSeconds:
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
description: |-
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
type: integer
format: int32
tcpSocket:
description: TCPSocket specifies a connection to a TCP port.
type: object
properties:
host:
description: 'Optional: Host name to connect to, defaults to the pod IP.'
type: string
port:
description: |-
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
timeoutSeconds:
description: |-
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
resources:
description: |-
Compute Resources required by this container.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
properties:
limits:
description: |-
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
additionalProperties:
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
requests:
description: |-
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
additionalProperties:
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
securityContext:
description: |-
SecurityContext defines the security options the container should be run with.
If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
type: object
properties:
allowPrivilegeEscalation:
description: |-
AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if
the no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is:
1) run as Privileged
2) has CAP_SYS_ADMIN
Note that this field cannot be set when spec.os.name is windows.
type: boolean
capabilities:
description: |-
The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by the container runtime.
Note that this field cannot be set when spec.os.name is windows.
type: object
properties:
add:
description: This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities
type: array
items:
description: Capability represent POSIX capabilities type
type: string
x-kubernetes-list-type: atomic
drop:
description: Removed capabilities
type: array
items:
description: Capability represent POSIX capabilities type
type: string
x-kubernetes-list-type: atomic
privileged:
description: |-
Run container in privileged mode. This can only be set to explicitly to 'false'
type: boolean
readOnlyRootFilesystem:
description: |-
Whether this container has a read-only root filesystem.
Default is false.
Note that this field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: |-
The GID to run the entrypoint of the container process.
Uses runtime default if unset.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.
type: integer
format: int64
runAsNonRoot:
description: |-
Indicates that the container must run as a non-root user.
If true, the Kubelet will validate the image at runtime to ensure that it
does not run as UID 0 (root) and fail to start the container if it does.
If unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
description: |-
The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.
type: integer
format: int64
seccompProfile:
description: |-
The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options
override the pod options.
Note that this field cannot be set when spec.os.name is windows.
type: object
required:
- type
properties:
localhostProfile:
description: |-
localhostProfile indicates a profile defined in a file on the node should be used.
The profile must be preconfigured on the node to work.
Must be a descending path, relative to the kubelet's configured seccomp profile location.
Must be set if type is "Localhost". Must NOT be set for any other type.
type: string
type:
description: |-
type indicates which kind of seccomp profile will be applied.
Valid options are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
type: string
startupProbe:
description: |-
StartupProbe indicates that the Pod has successfully initialized.
If specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
when it might take a long time to load data or warm a cache, than during steady-state operation.
This cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: object
properties:
exec:
description: Exec specifies a command to execute in the container.
type: object
properties:
command:
description: |-
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: array
items:
type: string
x-kubernetes-list-type: atomic
failureThreshold:
description: |-
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
type: integer
format: int32
grpc:
description: GRPC specifies a GRPC HealthCheckRequest.
type: object
properties:
port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
type: integer
format: int32
service:
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
type: string
default: ""
httpGet:
description: HTTPGet specifies an HTTP GET request to perform.
type: object
properties:
host:
description: |-
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP allows repeated headers.
type: array
items:
description: HTTPHeader describes a custom header to be used in HTTP probes
type: object
required:
- name
- value
properties:
name:
description: |-
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
value:
description: The header field value
type: string
x-kubernetes-list-type: atomic
path:
description: Path to access on the HTTP server.
type: string
port:
description: |-
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
description: |-
Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
initialDelaySeconds:
description: |-
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
periodSeconds:
description: |-
How often (in seconds) to perform the probe.
type: integer
format: int32
successThreshold:
description: |-
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
type: integer
format: int32
tcpSocket:
description: TCPSocket specifies a connection to a TCP port.
type: object
properties:
host:
description: 'Optional: Host name to connect to, defaults to the pod IP.'
type: string
port:
description: |-
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
timeoutSeconds:
description: |-
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
type: integer
format: int32
terminationMessagePath:
description: |-
Optional: Path at which the file to which the container's termination message
will be written is mounted into the container's filesystem.
Message written is intended to be brief final status, such as an assertion failure message.
Will be truncated by the node if greater than 4096 bytes. The total message length across
all containers will be limited to 12kb.
Defaults to /dev/termination-log.
Cannot be updated.
type: string
terminationMessagePolicy:
description: |-
Indicate how the termination message should be populated. File will use the contents of
terminationMessagePath to populate the container status message on both success and failure.
FallbackToLogsOnError will use the last chunk of container log output if the termination
message file is empty and the container exited with an error.
The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
Defaults to File.
Cannot be updated.
type: string
volumeMounts:
description: |-
Pod volumes to mount into the container's filesystem.
Cannot be updated.
type: array
items:
description: VolumeMount describes a mounting of a Volume within a container.
type: object
required:
- mountPath
- name
properties:
mountPath:
description: |-
Path within the container at which the volume should be mounted. Must
not contain ':'.
type: string
mountPropagation:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-mount-propagation
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: |-
Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
type: boolean
subPath:
description: |-
Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
type: string
x-kubernetes-list-map-keys:
- mountPath
x-kubernetes-list-type: map
workingDir:
description: |-
Container's working directory.
If not specified, the container runtime's default will be used, which
might be configured in the container image.
Cannot be updated.
type: string
dnsConfig:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-dnsconfig
type: object
x-kubernetes-preserve-unknown-fields: true
dnsPolicy:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-dnspolicy
type: string
enableServiceLinks:
description: |-
EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.
type: boolean
hostAliases:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostaliases
type: array
items:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostaliases
type: object
x-kubernetes-preserve-unknown-fields: true
hostIPC:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostipc
type: boolean
hostNetwork:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostnetwork
type: boolean
hostPID:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-hostpid
type: boolean
idleTimeoutSeconds:
description: |-
IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed
to stay open while not receiving any bytes from the user's application. If
unspecified, a system default will be provided.
type: integer
format: int64
imagePullSecrets:
description: |-
ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
If specified, these secrets will be passed to individual puller implementations for them to use.
More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
type: array
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
type: object
properties:
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
x-kubernetes-map-type: atomic
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
initContainers:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-init-containers
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-init-containers
type: object
x-kubernetes-preserve-unknown-fields: true
nodeSelector:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-nodeselector
type: object
additionalProperties:
type: string
x-kubernetes-map-type: atomic
priorityClassName:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-priorityclassname
type: string
responseStartTimeoutSeconds:
description: |-
ResponseStartTimeoutSeconds is the maximum duration in seconds that the request
routing layer will wait for a request delivered to a container to begin
sending any network traffic.
type: integer
format: int64
runtimeClassName:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname
type: string
schedulerName:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-schedulername
type: string
securityContext:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-securitycontext
type: object
x-kubernetes-preserve-unknown-fields: true
serviceAccountName:
description: |-
ServiceAccountName is the name of the ServiceAccount to use to run this pod.
More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
type: string
shareProcessNamespace:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace
type: boolean
timeoutSeconds:
description: |-
TimeoutSeconds is the maximum duration in seconds that the request instance
is allowed to respond to a request. If unspecified, a system default will
be provided.
type: integer
format: int64
tolerations:
description: This is accessible behind a feature flag - kubernetes.podspec-tolerations
type: array
items:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-tolerations
type: object
x-kubernetes-preserve-unknown-fields: true
topologySpreadConstraints:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
type: array
items:
description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints
type: object
x-kubernetes-preserve-unknown-fields: true
volumes:
description: |-
List of volumes that can be mounted by containers belonging to the pod.
More info: https://kubernetes.io/docs/concepts/storage/volumes
type: array
items:
description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
type: object
required:
- name
properties:
configMap:
description: configMap represents a configMap that should populate this volume
type: object
properties:
defaultMode:
description: |-
defaultMode is optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
Defaults to 0644.
Directories within the path are not affected by this setting.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
items:
description: |-
items if unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the ConfigMap,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
type: object
required:
- key
- path
properties:
key:
description: key is the key to project.
type: string
mode:
description: |-
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: |-
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.
type: string
x-kubernetes-list-type: atomic
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: optional specify whether the ConfigMap or its keys must be defined
type: boolean
x-kubernetes-map-type: atomic
csi:
description: This is accessible behind a feature flag - kubernetes.podspec-volumes-csi
type: object
x-kubernetes-preserve-unknown-fields: true
emptyDir:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir
type: object
x-kubernetes-preserve-unknown-fields: true
hostPath:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath
type: object
x-kubernetes-preserve-unknown-fields: true
image:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-volumes-image
type: object
x-kubernetes-preserve-unknown-fields: true
name:
description: |-
name of the volume.
Must be a DNS_LABEL and unique within the pod.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
persistentVolumeClaim:
description: |-
This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim
type: object
x-kubernetes-preserve-unknown-fields: true
projected:
description: projected items for all in one resources secrets, configmaps, and downward API
type: object
properties:
defaultMode:
description: |-
defaultMode are the mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
Directories within the path are not affected by this setting.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
sources:
description: |-
sources is the list of volume projections. Each entry in this list
handles one source.
type: array
items:
description: |-
Projection that may be projected along with other supported volume types.
Exactly one of these fields must be set.
type: object
properties:
configMap:
description: configMap information about the configMap data to project
type: object
properties:
items:
description: |-
items if unspecified, each key-value pair in the Data field of the referenced
ConfigMap will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the ConfigMap,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
type: object
required:
- key
- path
properties:
key:
description: key is the key to project.
type: string
mode:
description: |-
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: |-
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.
type: string
x-kubernetes-list-type: atomic
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: optional specify whether the ConfigMap or its keys must be defined
type: boolean
x-kubernetes-map-type: atomic
downwardAPI:
description: downwardAPI information about the downwardAPI data to project
type: object
properties:
items:
description: Items is a list of DownwardAPIVolume file
type: array
items:
description: DownwardAPIVolumeFile represents information to create the file containing the pod field
type: object
required:
- path
properties:
fieldRef:
description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.'
type: object
required:
- fieldPath
properties:
apiVersion:
description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the specified API version.
type: string
x-kubernetes-map-type: atomic
mode:
description: |-
Optional: mode bits used to set permissions on this file, must be an octal value
between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
type: string
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
type: object
required:
- resource
properties:
containerName:
description: 'Container name: required for volumes, optional for env vars'
type: string
divisor:
description: Specifies the output format of the exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
x-kubernetes-map-type: atomic
x-kubernetes-list-type: atomic
secret:
description: secret information about the secret data to project
type: object
properties:
items:
description: |-
items if unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the Secret,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
type: object
required:
- key
- path
properties:
key:
description: key is the key to project.
type: string
mode:
description: |-
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: |-
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.
type: string
x-kubernetes-list-type: atomic
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
optional:
description: optional field specify whether the Secret or its key must be defined
type: boolean
x-kubernetes-map-type: atomic
serviceAccountToken:
description: serviceAccountToken is information about the serviceAccountToken data to project
type: object
required:
- path
properties:
audience:
description: |-
audience is the intended audience of the token. A recipient of a token
must identify itself with an identifier specified in the audience of the
token, and otherwise should reject the token. The audience defaults to the
identifier of the apiserver.
type: string
expirationSeconds:
description: |-
expirationSeconds is the requested duration of validity of the service
account token. As the token approaches expiration, the kubelet volume
plugin will proactively rotate the service account token. The kubelet will
start trying to rotate the token if the token is older than 80 percent of
its time to live or if the token is older than 24 hours.Defaults to 1 hour
and must be at least 10 minutes.
type: integer
format: int64
path:
description: |-
path is the path relative to the mount point of the file to project the
token into.
type: string
x-kubernetes-list-type: atomic
secret:
description: |-
secret represents a secret that should populate this volume.
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
type: object
properties:
defaultMode:
description: |-
defaultMode is Optional: mode bits used to set permissions on created files by default.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values
for mode bits. Defaults to 0644.
Directories within the path are not affected by this setting.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
items:
description: |-
items If unspecified, each key-value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the
key and content is the value. If specified, the listed keys will be
projected into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in the Secret,
the volume setup will error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
type: object
required:
- key
- path
properties:
key:
description: key is the key to project.
type: string
mode:
description: |-
mode is Optional: mode bits used to set permissions on this file.
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
If not specified, the volume defaultMode will be used.
This might be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits set.
type: integer
format: int32
path:
description: |-
path is the relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.
type: string
x-kubernetes-list-type: atomic
optional:
description: optional field specify whether the Secret or its keys must be defined
type: boolean
secretName:
description: |-
secretName is the name of the secret in the pod's namespace to use.
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
type: string
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
traffic:
description: |-
Traffic specifies how to distribute traffic over a collection of
revisions and configurations.
type: array
items:
description: TrafficTarget holds a single entry of the routing table for a Route.
type: object
properties:
configurationName:
description: |-
ConfigurationName of a configuration to whose latest revision we will send
this portion of traffic. When the "status.latestReadyRevisionName" of the
referenced configuration changes, we will automatically migrate traffic
from the prior "latest ready" revision to the new one. This field is never
set in Route's status, only its spec. This is mutually exclusive with
RevisionName.
type: string
latestRevision:
description: |-
LatestRevision may be optionally provided to indicate that the latest
ready Revision of the Configuration should be used for this traffic
target. When provided LatestRevision must be true if RevisionName is
empty; it must be false when RevisionName is non-empty.
type: boolean
percent:
description: |-
Percent indicates that percentage based routing should be used and
the value indicates the percent of traffic that is be routed to this
Revision or Configuration. `0` (zero) mean no traffic, `100` means all
traffic.
When percentage based routing is being used the follow rules apply:
- the sum of all percent values must equal 100
- when not specified, the implied value for `percent` is zero for
that particular Revision or Configuration
type: integer
format: int64
revisionName:
description: |-
RevisionName of a specific revision to which to send this portion of
traffic. This is mutually exclusive with ConfigurationName.
type: string
tag:
description: |-
Tag is optionally used to expose a dedicated url for referencing
this target exclusively.
type: string
url:
description: |-
URL displays the URL for accessing named traffic targets. URL is displayed in
status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and
a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
type: string
status:
description: ServiceStatus represents the Status stanza of the Service resource.
type: object
properties:
address:
description: Address holds the information needed for a Route to be the target of an event.
type: object
properties:
CACerts:
description: |-
CACerts is the Certification Authority (CA) certificates in PEM format
according to https://www.rfc-editor.org/rfc/rfc7468.
type: string
audience:
description: Audience is the OIDC audience for this address.
type: string
name:
description: Name is the name of the address.
type: string
url:
type: string
annotations:
description: |-
Annotations is additional Status fields for the Resource to save some
additional State as well as convey more information to the user. This is
roughly akin to Annotations on any k8s resource, just the reconciler conveying
richer information outwards.
type: object
additionalProperties:
type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
description: |-
Condition defines a readiness condition for a Knative resource.
See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time the condition transitioned from one status to another.
We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
severity:
description: |-
Severity with which to treat failures of this type of condition.
When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
latestCreatedRevisionName:
description: |-
LatestCreatedRevisionName is the last revision that was created from this
Configuration. It might not be ready yet, for that use LatestReadyRevisionName.
type: string
latestReadyRevisionName:
description: |-
LatestReadyRevisionName holds the name of the latest Revision stamped out
from this Configuration that has had its "Ready" condition become "True".
type: string
observedGeneration:
description: |-
ObservedGeneration is the 'Generation' of the Service that
was last processed by the controller.
type: integer
format: int64
traffic:
description: |-
Traffic holds the configured traffic distribution.
These entries will always contain RevisionName references.
When ConfigurationName appears in the spec, this will hold the
LatestReadyRevisionName that we last observed.
type: array
items:
description: TrafficTarget holds a single entry of the routing table for a Route.
type: object
properties:
configurationName:
description: |-
ConfigurationName of a configuration to whose latest revision we will send
this portion of traffic. When the "status.latestReadyRevisionName" of the
referenced configuration changes, we will automatically migrate traffic
from the prior "latest ready" revision to the new one. This field is never
set in Route's status, only its spec. This is mutually exclusive with
RevisionName.
type: string
latestRevision:
description: |-
LatestRevision may be optionally provided to indicate that the latest
ready Revision of the Configuration should be used for this traffic
target. When provided LatestRevision must be true if RevisionName is
empty; it must be false when RevisionName is non-empty.
type: boolean
percent:
description: |-
Percent indicates that percentage based routing should be used and
the value indicates the percent of traffic that is be routed to this
Revision or Configuration. `0` (zero) mean no traffic, `100` means all
traffic.
When percentage based routing is being used the follow rules apply:
- the sum of all percent values must equal 100
- when not specified, the implied value for `percent` is zero for
that particular Revision or Configuration
type: integer
format: int64
revisionName:
description: |-
RevisionName of a specific revision to which to send this portion of
traffic. This is mutually exclusive with ConfigurationName.
type: string
tag:
description: |-
Tag is optionally used to expose a dedicated url for referencing
this target exclusively.
type: string
url:
description: |-
URL displays the URL for accessing named traffic targets. URL is displayed in
status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and
a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)
type: string
url:
description: |-
URL holds the url that will distribute traffic over the provided traffic targets.
It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix}
type: string
---
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: images.caching.internal.knative.dev
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.19.0"
knative.dev/crd-install: "true"
spec:
group: caching.internal.knative.dev
names:
kind: Image
plural: images
singular: image
categories:
- knative-internal
- caching
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
description: |-
Image is a Knative abstraction that encapsulates the interface by which Knative
components express a desire to have a particular image cached.
type: object
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Spec holds the desired state of the Image (from the client).
type: object
required:
- image
properties:
image:
description: Image is the name of the container image url to cache across the cluster.
type: string
imagePullSecrets:
description: |-
ImagePullSecrets contains the names of the Kubernetes Secrets containing login
information used by the Pods which will run this container.
type: array
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
type: object
properties:
name:
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
default: ""
x-kubernetes-map-type: atomic
serviceAccountName:
description: |-
ServiceAccountName is the name of the Kubernetes ServiceAccount as which the Pods
will run this container. This is potentially used to authenticate the image pull
if the service account has attached pull secrets. For more information:
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
type: string
status:
description: Status communicates the observed state of the Image (from the controller).
type: object
properties:
annotations:
description: |-
Annotations is additional Status fields for the Resource to save some
additional State as well as convey more information to the user. This is
roughly akin to Annotations on any k8s resource, just the reconciler conveying
richer information outwards.
type: object
additionalProperties:
type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
description: |-
Condition defines a readiness condition for a Knative resource.
See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
type: object
required:
- status
- type
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time the condition transitioned from one status to another.
We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic
differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
severity:
description: |-
Severity with which to treat failures of this type of condition.
When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
observedGeneration:
description: |-
ObservedGeneration is the 'Generation' of the Service that
was last processed by the controller.
type: integer
format: int64
additionalPrinterColumns:
- name: Image
type: string
jsonPath: .spec.image
---
View git blame Copy permalink