From 301de5e8abee70049514e1d1e146b79118b5e467 Mon Sep 17 00:00:00 2001
From: zoumo
Date: Thu, 18 Dec 2025 19:40:44 +0800
Subject: [PATCH 1/2] feat: add workload status in rollout status
---
.../apps/apps.kusionstack.io_collasets.yaml | 134 +--
.../apps.kusionstack.io_poddecorations.yaml | 918 +++++++-----------
...ollout.kusionstack.io_backendroutings.yaml | 17 +-
.../rollout.kusionstack.io_rollouts.yaml | 60 ++
rollout/v1alpha1/rollout_types.go | 4 +
rollout/v1alpha1/zz_generated.deepcopy.go | 5 +
6 files changed, 443 insertions(+), 695 deletions(-)
diff --git a/config/crd/apps/apps.kusionstack.io_collasets.yaml b/config/crd/apps/apps.kusionstack.io_collasets.yaml
index a738915..8d5f19b 100644
--- a/config/crd/apps/apps.kusionstack.io_collasets.yaml
+++ b/config/crd/apps/apps.kusionstack.io_collasets.yaml
@@ -304,26 +304,25 @@ spec: type: object spec: description: |- - spec defines the desired characteristics of a volume requested by a pod author. + Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims properties: accessModes: description: |- - accessModes contains the desired access modes the volume should have. + AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 items: type: string type: array dataSource: description: |- - dataSource field can be used to specify either: + This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. + If the AnyVolumeDataSource feature gate is enabled, this field will always have + the same contents as the DataSourceRef field. properties: apiGroup: description: |- 
@@ -344,29 +343,23 @@ spec: x-kubernetes-map-type: atomic dataSourceRef: description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non + Specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. - This field will replace the functionality of the dataSource field and as such + This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same + compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef + There are two important differences between DataSource and DataSourceRef: + * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef + * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. 
- (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled. properties: apiGroup: description: |- 
@@ -380,52 +373,16 @@ spec: name: description: Name is the name of resource being referenced type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string required: - kind - name type: object + x-kubernetes-map-type: atomic resources: description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. + Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
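Review bot: This hunk removes `namespace` from `dataSourceRef` and `claims` from `resources` in the CollaSet schema, which the commit subject (workload status in rollout status) does not account for; later hunks likewise remove `allocatedResources`, `resizeStatus`, the `grpc` probe and `resizePolicy`. The description wording that comes back with them suggests these generated CRDs were rebuilt against an older k8s.io/api or controller-gen, though that is inferred from the text and not shown on the page. If the API server prunes fields absent from the schema, objects that set them would lose those values on write with no error, so pods could run without the probes or resource settings their manifests declare. I would regenerate with the toolchain that produced the previous files and limit this patch to the rollout CRD and `rollout_types.go`, or state the downgrade explicitly in the commit description.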
@@ -447,13 +404,13 @@ spec: description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. + otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object selector: - description: selector is a label query over volumes to consider - for binding. + description: A label query over volumes to consider for + binding. properties: matchExpressions: description: matchExpressions is a list of label selector @@ -498,7 +455,7 @@ spec: x-kubernetes-map-type: atomic storageClassName: description: |- - storageClassName is the name of the StorageClass required by the claim. + Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 type: string volumeMode: 
@@ -507,40 +464,23 @@ spec: Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the + description: VolumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object status: description: |- - status represents the current information/status of a persistent volume claim. + Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims properties: accessModes: description: |- - accessModes contains the actual access modes the volume backing the PVC has. + AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 items: type: string type: array - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may - be larger than the actual capacity when a volume expansion operation is requested. - For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. - If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. - If a volume expansion capacity request is lowered, allocatedResources is only - lowered if there are no expansion operations in progress and if the actual volume capacity - is equal or lower than the requested capacity. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - type: object capacity: additionalProperties: anyOf: 
@@ -548,34 +488,33 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: capacity represents the actual resources of - the underlying volume. + description: Represents the actual resources of the underlying + volume. type: object conditions: description: |- - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contains details + description: PersistentVolumeClaimCondition contails details about state of pvc properties: lastProbeTime: - description: lastProbeTime is the time we probed the - condition. + description: Last time we probed the condition. format: date-time type: string lastTransitionTime: - description: lastTransitionTime is the time the condition - transitioned from one status to another. + description: Last time the condition transitioned + from one status to another. format: date-time type: string message: - description: message is the human-readable message - indicating details about last transition. + description: Human-readable message indicating details + about last transition. type: string reason: description: |- - reason is a unique, this should be a short, machine understandable string that gives the reason + Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. type: string 
@@ -591,14 +530,7 @@ spec: type: object type: array phase: - description: phase represents the current phase of PersistentVolumeClaim. - type: string - resizeStatus: - description: |- - resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty - string by resize controller or kubelet. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. + description: Phase represents the current phase of PersistentVolumeClaim. type: string type: object type: object diff --git a/config/crd/apps/apps.kusionstack.io_poddecorations.yaml b/config/crd/apps/apps.kusionstack.io_poddecorations.yaml index f0d7f20..d841b47 100644 --- a/config/crd/apps/apps.kusionstack.io_poddecorations.yaml +++ b/config/crd/apps/apps.kusionstack.io_poddecorations.yaml @@ -478,6 +478,7 @@ spec: and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. properties: matchExpressions: description: matchExpressions is a list @@ -527,7 +528,7 @@ spec: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". + null or empty namespaces list and null namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -624,6 +625,7 @@ spec: and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. properties: matchExpressions: description: matchExpressions is a list @@ -672,7 +674,7 @@ spec: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". + null or empty namespaces list and null namespaceSelector means "this pod's namespace" items: type: string type: array @@ -768,6 +770,7 @@ spec: and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. properties: matchExpressions: description: matchExpressions is a list @@ -817,7 +820,7 @@ spec: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". + null or empty namespaces list and null namespaceSelector means "this pod's namespace" items: type: string type: array @@ -914,6 +917,7 @@ spec: and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. properties: matchExpressions: description: matchExpressions is a list 
@@ -962,7 +966,7 @@ spec: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". + null or empty namespaces list and null namespaceSelector means "this pod's namespace" items: type: string type: array @@ -990,7 +994,7 @@ spec: args: description: |- Arguments to the entrypoint. - The container image's CMD is used if this is not provided. + The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will @@ -1003,7 +1007,7 @@ spec: command: description: |- Entrypoint array. Not executed within a shell. - The container image's ENTRYPOINT is used if this is not provided. + The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will @@ -1179,7 +1183,7 @@ spec: type: array image: description: |- - Container image name. + Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. 
@@ -1210,7 +1214,9 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: |- + One and only one of the following should be specified. + Exec specifies the action to take. properties: command: description: |- @@ -1240,9 +1246,7 @@ spec: header to be used in HTTP probes properties: name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. + description: The header field name type: string value: description: The header field value @@ -1274,9 +1278,9 @@ spec: type: object tcpSocket: description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle hook properties: host: description: 'Optional: Host name to connect 
@@ -1300,15 +1304,18 @@ spec: PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the - container crashes or exits. The Pod's termination grace period countdown begins before the - PreStop hook is executed. Regardless of the outcome of the handler, the + container crashes or exits. The reason for termination is passed to the + handler. The Pod's termination grace period countdown begins before the + PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace - period (unless delayed by finalizers). Other management of the container blocks until the hook completes + period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: |- + One and only one of the following should be specified. + Exec specifies the action to take. properties: command: description: |- @@ -1338,9 +1345,7 @@ spec: header to be used in HTTP probes properties: name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. + description: The header field name type: string value: description: The header field value 
@@ -1372,9 +1377,9 @@ spec: type: object tcpSocket: description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle hook properties: host: description: 'Optional: Host name to connect @@ -1402,7 +1407,9 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: |- + One and only one of the following should be specified. + Exec specifies the action to take. properties: command: description: |- @@ -1421,26 +1428,6 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer - grpc: - description: GRPC specifies an action involving a GRPC - port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object httpGet: description: HTTPGet specifies the http request to perform. properties: @@ -1457,9 +1444,7 @@ spec: to be used in HTTP probes properties: name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. + description: The header field name type: string value: description: The header field value 
@@ -1508,8 +1493,10 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: |- + TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle hook properties: host: description: 'Optional: Host name to connect to, @@ -1557,12 +1544,12 @@ spec: type: string ports: description: |- - List of ports to expose from the container. Not specifying a port here + List of ports to expose from the container. Exposing a port here gives + the system additional information about the network connections a + container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt the data. - For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. items: description: ContainerPort represents a network port in @@ -1614,7 +1601,9 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: |- + One and only one of the following should be specified. + Exec specifies the action to take. properties: command: description: |- 
@@ -1633,26 +1622,6 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer - grpc: - description: GRPC specifies an action involving a GRPC - port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object httpGet: description: HTTPGet specifies the http request to perform. properties: @@ -1669,9 +1638,7 @@ spec: to be used in HTTP probes properties: name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. + description: The header field name type: string value: description: The header field value @@ -1720,8 +1687,10 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: |- + TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle hook properties: host: description: 'Optional: Host name to connect to, 
@@ -1761,62 +1730,12 @@ spec: format: int32 type: integer type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource - resize policy for the container. - properties: - resourceName: - description: |- - Name of the resource to which this resource resize policy applies. - Supported values: cpu, memory. - type: string - restartPolicy: - description: |- - Restart policy to apply when specified resource is resized. - If not specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic resources: description: |- Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -1838,7 +1757,7 @@ spec: description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. + otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object @@ -1856,13 +1775,11 @@ spec: AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. type: boolean capabilities: description: |- The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -1884,7 +1801,6 @@ spec: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - Note that this field cannot be set when spec.os.name is windows. type: boolean procMount: description: |- @@ -1892,13 +1808,11 @@ spec: The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: description: |- Whether this container has a read-only root filesystem. Default is false. - Note that this field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: |- 
@@ -1906,7 +1820,6 @@ spec: Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -1924,7 +1837,6 @@ spec: Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -1933,7 +1845,6 @@ spec: If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies @@ -1957,7 +1868,6 @@ spec: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: description: |- @@ -1984,7 +1894,6 @@ spec: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: description: |- 
@@ -2026,7 +1935,9 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: |- + One and only one of the following should be specified. + Exec specifies the action to take. properties: command: description: |- @@ -2045,26 +1956,6 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer - grpc: - description: GRPC specifies an action involving a GRPC - port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object httpGet: description: HTTPGet specifies the http request to perform. properties: @@ -2081,9 +1972,7 @@ spec: to be used in HTTP probes properties: name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. + description: The header field name type: string value: description: The header field value @@ -2132,8 +2021,10 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: |- + TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle hook properties: host: description: 'Optional: Host name to connect to, 
@@ -2301,7 +2192,7 @@ spec: args: description: |- Arguments to the entrypoint. - The container image's CMD is used if this is not provided. + The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will @@ -2314,7 +2205,7 @@ spec: command: description: |- Entrypoint array. Not executed within a shell. - The container image's ENTRYPOINT is used if this is not provided. + The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will @@ -2490,7 +2381,7 @@ spec: type: array image: description: |- - Container image name. + Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. @@ -2516,7 +2407,9 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: |- + One and only one of the following should be specified. + Exec specifies the action to take. properties: command: description: |- @@ -2546,9 +2439,7 @@ spec: header to be used in HTTP probes properties: name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. + description: The header field name type: string value: description: The header field value 
@@ -2580,9 +2471,9 @@ spec: type: object tcpSocket: description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle hook properties: host: description: 'Optional: Host name to connect @@ -2606,15 +2497,18 @@ spec: PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the - container crashes or exits. The Pod's termination grace period countdown begins before the - PreStop hook is executed. Regardless of the outcome of the handler, the + container crashes or exits. The reason for termination is passed to the + handler. The Pod's termination grace period countdown begins before the + PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace - period (unless delayed by finalizers). Other management of the container blocks until the hook completes + period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: |- + One and only one of the following should be specified. + Exec specifies the action to take. properties: command: description: |- 
@@ -2644,9 +2538,7 @@ spec: header to be used in HTTP probes properties: name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. + description: The header field name type: string value: description: The header field value @@ -2678,9 +2570,9 @@ spec: type: object tcpSocket: description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle hook properties: host: description: 'Optional: Host name to connect @@ -2708,7 +2600,9 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: |- + One and only one of the following should be specified. + Exec specifies the action to take. properties: command: description: |- @@ -2727,26 +2621,6 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer - grpc: - description: GRPC specifies an action involving a GRPC - port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object httpGet: description: HTTPGet specifies the http request to perform. properties: 
@@ -2763,9 +2637,7 @@ spec: to be used in HTTP probes properties: name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. + description: The header field name type: string value: description: The header field value @@ -2814,8 +2686,10 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: |- + TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle hook properties: host: description: 'Optional: Host name to connect to, @@ -2863,12 +2737,12 @@ spec: type: string ports: description: |- - List of ports to expose from the container. Not specifying a port here + List of ports to expose from the container. Exposing a port here gives + the system additional information about the network connections a + container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt the data. - For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. items: description: ContainerPort represents a network port in @@ -2920,7 +2794,9 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: |- + One and only one of the following should be specified. + Exec specifies the action to take. properties: command: description: |- 
@@ -2939,26 +2815,6 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer - grpc: - description: GRPC specifies an action involving a GRPC - port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object httpGet: description: HTTPGet specifies the http request to perform. properties: @@ -2975,9 +2831,7 @@ spec: to be used in HTTP probes properties: name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. + description: The header field name type: string value: description: The header field value @@ -3026,8 +2880,10 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: |- + TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle hook properties: host: description: 'Optional: Host name to connect to, 
@@ -3067,62 +2923,12 @@ spec: format: int32 type: integer type: object - resizePolicy: - description: Resources resize policy for the container. - items: - description: ContainerResizePolicy represents resource - resize policy for the container. - properties: - resourceName: - description: |- - Name of the resource to which this resource resize policy applies. - Supported values: cpu, memory. - type: string - restartPolicy: - description: |- - Restart policy to apply when specified resource is resized. - If not specified, it defaults to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic resources: description: |- Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -3144,7 +2950,7 @@ spec: description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. + otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object @@ -3162,13 +2968,11 @@ spec: AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. type: boolean capabilities: description: |- The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -3190,7 +2994,6 @@ spec: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - Note that this field cannot be set when spec.os.name is windows. type: boolean procMount: description: |- @@ -3198,13 +3001,11 @@ spec: The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: description: |- Whether this container has a read-only root filesystem. Default is false. - Note that this field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: |- 
@@ -3212,7 +3013,6 @@ spec: Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -3230,7 +3030,6 @@ spec: Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -3239,7 +3038,6 @@ spec: If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies @@ -3263,7 +3061,6 @@ spec: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: description: |- @@ -3290,7 +3087,6 @@ spec: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: description: |- 
@@ -3332,7 +3128,9 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: |- + One and only one of the following should be specified. + Exec specifies the action to take. properties: command: description: |- @@ -3351,26 +3149,6 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer - grpc: - description: GRPC specifies an action involving a GRPC - port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object httpGet: description: HTTPGet specifies the http request to perform. properties: @@ -3387,9 +3165,7 @@ spec: to be used in HTTP probes properties: name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. + description: The header field name type: string value: description: The header field value @@ -3438,8 +3214,10 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: |- + TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle hook properties: host: description: 'Optional: Host name to connect to, 
@@ -3862,13 +3640,13 @@ spec: properties: awsElasticBlockStore: description: |- - awsElasticBlockStore represents an AWS Disk resource that is attached to a + AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore properties: fsType: description: |- - fsType is the filesystem type of the volume that you want to mount. + Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore @@ -3876,7 +3654,7 @@ spec: type: string partition: description: |- - partition is the partition in the volume that you want to mount. + The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). 
@@ -3884,49 +3662,48 @@ spec: type: integer readOnly: description: |- - readOnly value true will force the readOnly setting in VolumeMounts. + Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". + If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore type: boolean volumeID: description: |- - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount + description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: cachingMode: - description: 'cachingMode is the Host Caching mode: - None, Read Only, Read Write.' + description: 'Host Caching mode: None, Read Only, Read + Write.' type: string diskName: - description: diskName is the Name of the data disk in - the blob storage + description: The Name of the data disk in the blob storage type: string diskURI: - description: diskURI is the URI of data disk in the - blob storage + description: The URI the data disk in the blob storage type: string fsType: description: |- - fsType is Filesystem type to mount. + Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single - blob disk per storage account Managed: azure managed - data disk (only in managed availability set). 
defaults + description: 'Expected values Shared: multiple blob + disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' type: string readOnly: description: |- - readOnly Defaults to false (read/write). ReadOnly here will force + Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean required: 
@@ -3934,54 +3711,54 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service + description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: description: |- - readOnly defaults to false (read/write). ReadOnly here will force + Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: secretName is the name of secret that - contains Azure Storage Account Name and Key + description: the name of secret that contains Azure + Storage Account Name and Key type: string shareName: - description: shareName is the azure share Name + description: Share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: description: |- - monitors is Required: Monitors is a collection of Ceph monitors + Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it items: type: string type: array path: - description: 'path is Optional: Used as the mounted - root, rather than the full Ceph tree, default is /' + description: 'Optional: Used as the mounted root, rather + than the full Ceph tree, default is /' type: string readOnly: description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: boolean secretFile: description: |- - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: string secretRef: description: |- - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it properties: name: @@ -3994,7 +3771,7 @@ spec: x-kubernetes-map-type: atomic user: description: |- - user is optional: User is the rados user name, default is admin + Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: string required: 
@@ -4002,25 +3779,25 @@ spec: type: object cinder: description: |- - cinder represents a cinder volume attached and mounted on kubelets host machine. + Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md properties: fsType: description: |- - fsType is the filesystem type to mount. + Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: string readOnly: description: |- - readOnly defaults to false (read/write). ReadOnly here will force + Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: boolean secretRef: description: |- - secretRef is optional: points to a secret object containing parameters used to connect + Optional: points to a secret object containing parameters used to connect to OpenStack. properties: name: @@ -4033,19 +3810,19 @@ spec: x-kubernetes-map-type: atomic volumeID: description: |- - volumeID used to identify the volume in cinder. + volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: string required: - volumeID type: object configMap: - description: configMap represents a configMap that should + description: ConfigMap represents a configMap that should populate this volume properties: defaultMode: description: |- - defaultMode is optional: mode bits used to set permissions on created files by default. + Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. 
@@ -4056,7 +3833,7 @@ spec: type: integer items: description: |- - items if unspecified, each key-value pair in the Data field of the referenced + If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be @@ -4068,11 +3845,11 @@ spec: volume. properties: key: - description: key is the key to project. + description: The key to project. type: string mode: description: |- - mode is Optional: mode bits used to set permissions on this file. + Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. @@ -4082,7 +3859,7 @@ spec: type: integer path: description: |- - path is the relative path of the file to map the key to. + The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 
@@ -4099,30 +3876,30 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: optional specify whether the ConfigMap - or its keys must be defined + description: Specify whether the ConfigMap or its keys + must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents + description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). properties: driver: description: |- - driver is the name of the CSI driver that handles this volume. + Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. type: string fsType: description: |- - fsType to mount. Ex. "ext4", "xfs", "ntfs". + Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. type: string nodePublishSecretRef: description: |- - nodePublishSecretRef is a reference to the secret object containing + NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the 
@@ -4138,21 +3915,21 @@ spec: x-kubernetes-map-type: atomic readOnly: description: |- - readOnly specifies a read-only configuration for the volume. + Specifies a read-only configuration for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string description: |- - volumeAttributes stores driver-specific properties that are passed to the CSI + VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API about the + description: DownwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: @@ -4239,12 +4016,12 @@ spec: type: object emptyDir: description: |- - emptyDir represents a temporary directory that shares a pod's lifetime. + EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir properties: medium: description: |- - medium represents what type of storage medium should back this directory. + What type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir 
@@ -4254,18 +4031,18 @@ spec: - type: integer - type: string description: |- - sizeLimit is the total amount of local storage required for this EmptyDir volume. + Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + More info: http://kubernetes.io/docs/user-guide/volumes#emptydir pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: description: |- - ephemeral represents a volume that is handled by a cluster storage driver. + Ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. @@ -4293,6 +4070,10 @@ spec: A pod can use both types of ephemeral volumes and persistent volumes at the same time. + + + This is a beta feature and only available when the GenericEphemeralVolume + feature gate is enabled. properties: volumeClaimTemplate: description: |- 
@@ -4353,21 +4134,20 @@ spec: properties: accessModes: description: |- - accessModes contains the desired access modes the volume should have. + AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 items: type: string type: array dataSource: description: |- - dataSource field can be used to specify either: + This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. + If the AnyVolumeDataSource feature gate is enabled, this field will always have + the same contents as the DataSourceRef field. properties: apiGroup: description: |- 
@@ -4390,29 +4170,23 @@ spec: x-kubernetes-map-type: atomic dataSourceRef: description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non + Specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. - This field will replace the functionality of the dataSource field and as such + This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same + compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef + There are two important differences between DataSource and DataSourceRef: + * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef + * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. 
- (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled. properties: apiGroup: description: |- 
@@ -4428,52 +4202,16 @@ spec: description: Name is the name of resource being referenced type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string required: - kind - name type: object + x-kubernetes-map-type: atomic resources: description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. + Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -4495,13 +4233,13 @@ spec: description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. + otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object selector: - description: selector is a label query over - volumes to consider for binding. + description: A label query over volumes to consider + for binding. properties: matchExpressions: description: matchExpressions is a list @@ -4547,7 +4285,7 @@ spec: x-kubernetes-map-type: atomic storageClassName: description: |- - storageClassName is the name of the StorageClass required by the claim. + Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 type: string volumeMode: @@ -4556,7 +4294,7 @@ spec: Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference + description: VolumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object 
@@ -4565,35 +4303,34 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource that + description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: fsType: description: |- - fsType is the filesystem type to mount. + Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: - description: 'lun is Optional: FC target lun number' + description: 'Optional: FC target lun number' format: int32 type: integer readOnly: description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' + description: 'Optional: FC target worldwide names (WWNs)' items: type: string type: array wwids: description: |- - wwids Optional: FC volume world wide identifiers (wwids) + Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. items: type: string 
@@ -4601,33 +4338,32 @@ spec: type: object flexVolume: description: |- - flexVolume represents a generic volume resource that is + FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: driver: - description: driver is the name of the driver to use + description: Driver is the name of the driver to use for this volume. type: string fsType: description: |- - fsType is the filesystem type to mount. + Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field holds - extra command options if any.' + description: 'Optional: Extra command options if any.' type: object readOnly: description: |- - readOnly is Optional: defaults to false (read/write). ReadOnly here will force + Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: description: |- - secretRef is Optional: secretRef is reference to the secret object containing + Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin 
@@ -4645,29 +4381,29 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached + description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: description: |- - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the dataset. - This is unique identifier of a Flocker dataset + description: UUID of the dataset. This is unique identifier + of a Flocker dataset type: string type: object gcePersistentDisk: description: |- - gcePersistentDisk represents a GCE Disk resource that is attached to a + GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk properties: fsType: description: |- - fsType is filesystem type of the volume that you want to mount. + Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk @@ -4675,7 +4411,7 @@ spec: type: string partition: description: |- - partition is the partition in the volume that you want to mount. + The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). 
@@ -4684,12 +4420,12 @@ spec: type: integer pdName: description: |- - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk type: string readOnly: description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. + ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk type: boolean 
@@ -4698,46 +4434,45 @@ spec: type: object gitRepo: description: |- - gitRepo represents a git repository at a particular revision. + GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. properties: directory: description: |- - directory is the target directory name. + Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. type: string repository: - description: repository is the URL + description: Repository URL type: string revision: - description: revision is the commit hash for the specified - revision. + description: Commit hash for the specified revision. type: string required: - repository type: object glusterfs: description: |- - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: description: |- - endpoints is the endpoint name that details Glusterfs topology. + EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: string path: description: |- - path is the Glusterfs volume path. + Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: string readOnly: description: |- - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. 
More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: boolean @@ -4747,7 +4482,7 @@ spec: type: object hostPath: description: |- - hostPath represents a pre-existing file or directory on the host + HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. @@ -4758,13 +4493,13 @@ spec: properties: path: description: |- - path of the directory on the host. + Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath type: string type: description: |- - type for HostPath Volume + Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath type: string 
@@ -4773,21 +4508,19 @@ spec: type: object iscsi: description: |- - iscsi represents an ISCSI Disk resource that is attached to a + ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether support - iSCSI Discovery CHAP authentication + description: whether support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether support - iSCSI Session CHAP authentication + description: whether support iSCSI Session CHAP authentication type: boolean fsType: description: |- - fsType is the filesystem type of the volume that you want to mount. + Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 
@@ -4795,37 +4528,37 @@ spec: type: string initiatorName: description: |- - initiatorName is the custom iSCSI Initiator Name. + Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified Name. + description: Target iSCSI Qualified Name. type: string iscsiInterface: description: |- - iscsiInterface is the interface Name that uses an iSCSI transport. + iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target Lun number. + description: iSCSI Target Lun number. format: int32 type: integer portals: description: |- - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. + ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret for iSCSI - target and initiator authentication + description: CHAP Secret for iSCSI target and initiator + authentication properties: name: description: |- @@ -4837,7 +4570,7 @@ spec: x-kubernetes-map-type: atomic targetPortal: description: |- - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). type: string required: 
@@ -4847,29 +4580,30 @@ spec: type: object name: description: |- - name of the volume. + Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string nfs: description: |- - nfs represents an NFS mount on the host that shares a pod's lifetime + NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs properties: path: description: |- - path that is exported by the NFS server. + Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: string readOnly: description: |- - readOnly here will force the NFS export to be mounted with read-only permissions. + ReadOnly here will force + the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: boolean server: description: |- - server is the hostname or IP address of the NFS server. + Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: string required: 
@@ -4878,70 +4612,70 @@ spec: type: object persistentVolumeClaim: description: |- - persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims properties: claimName: description: |- - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims type: string readOnly: description: |- - readOnly Will force the ReadOnly setting in VolumeMounts. + Will force the ReadOnly setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController + description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: description: |- - fsType is the filesystem type to mount. + Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk + description: ID that identifies Photon Controller persistent + disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume + description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: fsType: description: |- - fSType represents the filesystem type to mount + FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" if unspecified. type: string readOnly: description: |- - readOnly defaults to false (read/write). ReadOnly here will force + Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies a Portworx + description: VolumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources secrets, - configmaps, and downward API + description: Items for all in one resources secrets, configmaps, + and downward API properties: defaultMode: description: |- - defaultMode are the mode bits used to set permissions on created files by default. + Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. @@ -4950,18 +4684,18 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: list of volume projections items: description: Projection that may be projected along with other supported volume types properties: configMap: - description: configMap information about the configMap - data to project + description: information about the configMap data + to project properties: items: description: |- - items if unspecified, each key-value pair in the Data field of the referenced + If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be 
@@ -4973,11 +4707,11 @@ spec: within a volume. properties: key: - description: key is the key to project. + description: The key to project. type: string mode: description: |- - mode is Optional: mode bits used to set permissions on this file. + Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. @@ -4987,7 +4721,7 @@ spec: type: integer path: description: |- - path is the relative path of the file to map the key to. + The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. @@ -5004,14 +4738,14 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: optional specify whether the - ConfigMap or its keys must be defined + description: Specify whether the ConfigMap + or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information about the - downwardAPI data to project + description: information about the downwardAPI + data to project properties: items: description: Items is a list of DownwardAPIVolume @@ -5090,12 +4824,12 @@ spec: type: array type: object secret: - description: secret information about the secret - data to project + description: information about the secret data + to project properties: items: description: |- - items if unspecified, each key-value pair in the Data field of the referenced + If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be 
@@ -5107,11 +4841,11 @@ spec: within a volume. properties: key: - description: key is the key to project. + description: The key to project. type: string mode: description: |- - mode is Optional: mode bits used to set permissions on this file. + Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. @@ -5121,7 +4855,7 @@ spec: type: integer path: description: |- - path is the relative path of the file to map the key to. + The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 
@@ -5138,25 +4872,25 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: optional field specify whether - the Secret or its key must be defined + description: Specify whether the Secret or + its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is information - about the serviceAccountToken data to project + description: information about the serviceAccountToken + data to project properties: audience: description: |- - audience is the intended audience of the token. A recipient of a token + Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. type: string expirationSeconds: description: |- - expirationSeconds is the requested duration of validity of the service + ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of @@ -5166,7 +4900,7 @@ spec: type: integer path: description: |- - path is the path relative to the mount point of the file to project the + Path is the path relative to the mount point of the file to project the token into. type: string required: 
@@ -5176,37 +4910,37 @@ spec: type: array type: object quobyte: - description: quobyte represents a Quobyte mount on the host + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: description: |- - group to map volume access to + Group to map volume access to Default is no group type: string readOnly: description: |- - readOnly here will force the Quobyte volume to be mounted with read-only permissions. + ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. type: boolean registry: description: |- - registry represents a single or multiple Quobyte Registry services + Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes type: string tenant: description: |- - tenant owning the given Quobyte volume in the Backend + Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: description: |- - user to map volume access to + User to map volume access to Defaults to serivceaccount user type: string volume: - description: volume is a string that references an already + description: Volume is a string that references an already created Quobyte volume by name. type: string required: 
@@ -5215,12 +4949,12 @@ spec: type: object rbd: description: |- - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: description: |- - fsType is the filesystem type of the volume that you want to mount. + Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 
@@ -5228,37 +4962,37 @@ spec: type: string image: description: |- - image is the rados image name. + The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: description: |- - keyring is the path to key ring for RBDUser. + Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string monitors: description: |- - monitors is a collection of Ceph monitors. + A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it items: type: string type: array pool: description: |- - pool is the rados pool name. + The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string readOnly: description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. + ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: boolean secretRef: description: |- - secretRef is name of the authentication secret for RBDUser. If provided + SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -5273,7 +5007,7 @@ spec: x-kubernetes-map-type: atomic user: description: |- - user is the rados user name. + The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string 
@@ -5282,32 +5016,31 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: fsType: description: |- - fsType is the filesystem type to mount. + Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: - description: gateway is the host address of the ScaleIO - API Gateway. + description: The host address of the ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. + description: The name of the ScaleIO Protection Domain + for the configured storage. type: string readOnly: description: |- - readOnly Defaults to false (read/write). ReadOnly here will force + Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: description: |- - secretRef references to the secret for ScaleIO user and other + SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. properties: name: 
@@ -5319,25 +5052,25 @@ spec: type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable SSL communication + description: Flag to enable/disable SSL communication with Gateway, default false type: boolean storageMode: description: |- - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage Pool - associated with the protection domain. + description: The ScaleIO Storage Pool associated with + the protection domain. type: string system: - description: system is the name of the storage system - as configured in ScaleIO. + description: The name of the storage system as configured + in ScaleIO. type: string volumeName: description: |- - volumeName is the name of a volume already created in the ScaleIO system + The name of a volume already created in the ScaleIO system that is associated with this volume source. type: string required: @@ -5347,12 +5080,12 @@ spec: type: object secret: description: |- - secret represents a secret that should populate this volume. + Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret properties: defaultMode: description: |- - defaultMode is Optional: mode bits used to set permissions on created files by default. + Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. 
@@ -5363,7 +5096,7 @@ spec: type: integer items: description: |- - items If unspecified, each key-value pair in the Data field of the referenced + If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be @@ -5375,11 +5108,11 @@ spec: volume. properties: key: - description: key is the key to project. + description: The key to project. type: string mode: description: |- - mode is Optional: mode bits used to set permissions on this file. + Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. @@ -5389,7 +5122,7 @@ spec: type: integer path: description: |- - path is the relative path of the file to map the key to. + The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 
@@ -5400,33 +5133,33 @@ spec: type: object type: array optional: - description: optional field specify whether the Secret - or its keys must be defined + description: Specify whether the Secret or its keys + must be defined type: boolean secretName: description: |- - secretName is the name of the secret in the pod's namespace to use. + Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret type: string type: object storageos: - description: storageOS represents a StorageOS volume attached + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: fsType: description: |- - fsType is the filesystem type to mount. + Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: description: |- - readOnly defaults to false (read/write). ReadOnly here will force + Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: description: |- - secretRef specifies the secret to use for obtaining the StorageOS API + SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: name: 
@@ -5439,12 +5172,12 @@ spec: x-kubernetes-map-type: atomic volumeName: description: |- - volumeName is the human-readable name of the StorageOS volume. Volume + VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. type: string volumeNamespace: description: |- - volumeNamespace specifies the scope of the volume within StorageOS. If no + VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. @@ -5453,26 +5186,25 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached + description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: description: |- - fsType is filesystem type to mount. + Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. + description: Storage Policy Based Management (SPBM) + profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage Policy - Based Management (SPBM) profile name. + description: Storage Policy Based Management (SPBM) + profile name. type: string volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk + description: Path that identifies vSphere volume vmdk type: string required: - volumePath 
diff --git a/config/crd/rollout/rollout.kusionstack.io_backendroutings.yaml b/config/crd/rollout/rollout.kusionstack.io_backendroutings.yaml index 624c68a..ba2bf57 100644 --- a/config/crd/rollout/rollout.kusionstack.io_backendroutings.yaml +++ b/config/crd/rollout/rollout.kusionstack.io_backendroutings.yaml @@ -2409,7 +2409,22 @@ spec: conditions: description: Conditions is the list of conditions items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: |- + Condition contains details for one aspect of the current state of this API Resource. + --- + This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ + // Represents the observations of a foo's current state. + // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + + + // other fields + } properties: lastTransitionTime: description: |- diff --git a/config/crd/rollout/rollout.kusionstack.io_rollouts.yaml b/config/crd/rollout/rollout.kusionstack.io_rollouts.yaml index 4b0fb2f..305b2fa 100644 --- a/config/crd/rollout/rollout.kusionstack.io_rollouts.yaml 
+++ b/config/crd/rollout/rollout.kusionstack.io_rollouts.yaml @@ -219,6 +219,66 @@ spec: rolloutID: description: RolloutID is reference to rolloutRun name. type: string + workloadStatuses: + description: WorkloadStatuses describes the referenced workloads status + items: + properties: + availableReplicas: + description: AvailableReplicas is the number of service available + pods targeted by workload. + format: int32 + type: integer + cluster: + description: Cluster defines which cluster the workload is in. + type: string + generation: + description: Generation is the found in workload metadata. + format: int64 + type: integer + name: + description: Name is the workload name + type: string + observedGeneration: + description: ObservedGeneration is the most recent generation + observed for this workload. + format: int64 + type: integer + replicas: + description: Replicas is the desired number of pods targeted + by workload + format: int32 + type: integer + stableRevision: + description: StableRevision is the old stable revision used + to generate pods. + type: string + updatedAvailableReplicas: + description: UpdatedAvailableReplicas is the number of service + available pods targeted by workload that have the updated + template spec. + format: int32 + type: integer + updatedReadyReplicas: + description: UpdatedReadyReplicas is the number of ready pods + targeted by workload that have the updated template spec. + format: int32 + type: integer + updatedReplicas: + description: UpdatedReplicas is the number of pods targeted + by workload that have the updated template spec. + format: int32 + type: integer + updatedRevision: + description: UpdatedRevision is the updated template revision + used to generate pods. + type: string + required: + - replicas + - updatedAvailableReplicas + - updatedReadyReplicas + - updatedReplicas + type: object + type: array type: object type: object served: true 
diff --git a/rollout/v1alpha1/rollout_types.go b/rollout/v1alpha1/rollout_types.go index bc08ed0..1d25b89 100644 --- a/rollout/v1alpha1/rollout_types.go +++ b/rollout/v1alpha1/rollout_types.go @@ -123,6 +123,10 @@ type RolloutStatus struct { LastUpdateTime *metav1.Time `json:"lastUpdateTime,omitempty"` // RolloutID is reference to rolloutRun name. RolloutID string `json:"rolloutID,omitempty"` + + // WorkloadStatuses describes the referenced workloads status + // +optional + WorkloadStatuses []RolloutWorkloadStatus `json:"workloadStatuses,omitempty"` } // RolloutPhase indicates the current rollout phase diff --git a/rollout/v1alpha1/zz_generated.deepcopy.go b/rollout/v1alpha1/zz_generated.deepcopy.go index 1630d99..23ca7c5 100644 --- a/rollout/v1alpha1/zz_generated.deepcopy.go +++ b/rollout/v1alpha1/zz_generated.deepcopy.go @@ -1326,6 +1326,11 @@ func (in *RolloutStatus) DeepCopyInto(out *RolloutStatus) { in, out := &in.LastUpdateTime, &out.LastUpdateTime *out = (*in).DeepCopy() } + if in.WorkloadStatuses != nil { + in, out := &in.WorkloadStatuses, &out.WorkloadStatuses + *out = make([]RolloutWorkloadStatus, len(*in)) + copy(*out, *in) + } return } From ced8934525ff43ae3bd32f1b04f8c12766a85965 Mon Sep 17 00:00:00 2001 From: zoumo Date: Thu, 18 Dec 2025 19:44:03 +0800 Subject: [PATCH 2/2] refactor(rollout): make replicas fields optional in status --- .../rollout.kusionstack.io_rolloutruns.yaml | 15 --------------- .../rollout/rollout.kusionstack.io_rollouts.yaml | 5 ----- rollout/v1alpha1/rollout_types.go | 4 ++++ 3 files changed, 4 insertions(+), 20 deletions(-) diff --git a/config/crd/rollout/rollout.kusionstack.io_rolloutruns.yaml b/config/crd/rollout/rollout.kusionstack.io_rolloutruns.yaml index b580d4e..6ceb9d2 100644 --- a/config/crd/rollout/rollout.kusionstack.io_rolloutruns.yaml +++ b/config/crd/rollout/rollout.kusionstack.io_rolloutruns.yaml 
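Review bot: The `WorkloadStatuses` slice added to `RolloutStatus` in rollout/v1alpha1/rollout_types.go (patch 1/2) has no list-type marker and no size bound, and the generated `workloadStatuses` schema in rollout.kusionstack.io_rollouts.yaml accordingly has neither `x-kubernetes-list-type` nor `maxItems`. Without a list type, server-side apply treats the list as a single atomic value, so every status writer replaces all entries. If that is intended, state it with `// +listType=atomic`; if entries are meant to be keyed per workload, use `// +listType=map` with `// +listMapKey=cluster` and `// +listMapKey=name`, which needs those two fields to be required or defaulted. A `// +kubebuilder:validation:MaxItems=<limit>` marker (limit is a placeholder for the maintainers to choose) would also stop a status update from growing the object without bound. `RolloutStatus` begins outside the hunk, so markers on the struct itself are not visible here.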
@@ -4700,11 +4700,6 @@ spec: updatedRevision: description: UpdatedRevision is the updated template revision used to generate pods. type: string - required: - - replicas - - updatedAvailableReplicas - - updatedReadyReplicas - - updatedReplicas type: object type: array webhooks: @@ -4810,11 +4805,6 @@ spec: updatedRevision: description: UpdatedRevision is the updated template revision used to generate pods. type: string - required: - - replicas - - updatedAvailableReplicas - - updatedReadyReplicas - - updatedReplicas type: object type: array webhooks: @@ -4956,11 +4946,6 @@ spec: updatedRevision: description: UpdatedRevision is the updated template revision used to generate pods. type: string - required: - - replicas - - updatedAvailableReplicas - - updatedReadyReplicas - - updatedReplicas type: object type: array type: object diff --git a/config/crd/rollout/rollout.kusionstack.io_rollouts.yaml b/config/crd/rollout/rollout.kusionstack.io_rollouts.yaml index 305b2fa..3de227e 100644 --- a/config/crd/rollout/rollout.kusionstack.io_rollouts.yaml +++ b/config/crd/rollout/rollout.kusionstack.io_rollouts.yaml @@ -272,11 +272,6 @@ spec: description: UpdatedRevision is the updated template revision used to generate pods. type: string - required: - - replicas - - updatedAvailableReplicas - - updatedReadyReplicas - - updatedReplicas type: object type: array type: object diff --git a/rollout/v1alpha1/rollout_types.go b/rollout/v1alpha1/rollout_types.go index 1d25b89..8ba6ac0 100644 --- a/rollout/v1alpha1/rollout_types.go +++ b/rollout/v1alpha1/rollout_types.go 
@@ -181,15 +181,19 @@ type RolloutBatchStatus struct { type RolloutReplicasSummary struct { // Replicas is the desired number of pods targeted by workload + // +optional Replicas int32 `json:"replicas"` // AvailableReplicas is the number of service available pods targeted by workload. // +optional AvailableReplicas int32 `json:"availableReplicas"` // UpdatedReplicas is the number of pods targeted by workload that have the updated template spec. + // +optional UpdatedReplicas int32 `json:"updatedReplicas"` // UpdatedReadyReplicas is the number of ready pods targeted by workload that have the updated template spec. + // +optional UpdatedReadyReplicas int32 `json:"updatedReadyReplicas"` // UpdatedAvailableReplicas is the number of service available pods targeted by workload that have the updated template spec. + // +optional UpdatedAvailableReplicas int32 `json:"updatedAvailableReplicas"` }
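Review bot: The four `// +optional` markers added in `RolloutReplicasSummary` change the schema but not the Go side: `Replicas`, `UpdatedReplicas`, `UpdatedReadyReplicas` and `UpdatedAvailableReplicas` remain plain `int32` with tags such as `json:"replicas"`, so a stored status may now omit them and Go decodes the missing value as 0. A reader cannot tell "not reported" from "zero pods", and any progress check that compares these counters (none is visible in this hunk) would see an unpopulated summary as already equal. Telling the two apart would need `*int32`, which changes the Go API, so at minimum record the contract on the struct: `// Counters missing from the stored object decode as 0; compare generation with observedGeneration before treating a summary as converged.` That wording assumes the summary sits next to `generation`/`observedGeneration`, as the `workloadStatuses` schema suggests.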