Path: blob/main/production/operator/crds/monitoring.grafana.com_grafanaagents.yaml
4096 views
---1apiVersion: apiextensions.k8s.io/v12kind: CustomResourceDefinition3metadata:4annotations:5controller-gen.kubebuilder.io/version: v0.9.26creationTimestamp: null7name: grafanaagents.monitoring.grafana.com8spec:9group: monitoring.grafana.com10names:11categories:12- agent-operator13kind: GrafanaAgent14listKind: GrafanaAgentList15plural: grafanaagents16singular: grafanaagent17scope: Namespaced18versions:19- name: v1alpha120schema:21openAPIV3Schema:22description: GrafanaAgent defines a Grafana Agent deployment.23properties:24apiVersion:25description: 'APIVersion defines the versioned schema of this representation26of an object. Servers should convert recognized schemas to the latest27internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'28type: string29kind:30description: 'Kind is a string value representing the REST resource this31object represents. Servers may infer this from the endpoint the client32submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'33type: string34metadata:35type: object36spec:37description: Spec holds the specification of the desired behavior for38the Grafana Agent cluster.39properties:40affinity:41description: Affinity, if specified, controls pod scheduling constraints.42properties:43nodeAffinity:44description: Describes node affinity scheduling rules for the45pod.46properties:47preferredDuringSchedulingIgnoredDuringExecution:48description: The scheduler will prefer to schedule pods to49nodes that satisfy the affinity expressions specified by50this field, but it may choose a node that violates one or51more of the expressions. The node that is most preferred52is the one with the greatest sum of weights, i.e. for each53node that meets all of the scheduling requirements (resource54request, requiredDuringScheduling affinity expressions,55etc.), compute a sum by iterating through the elements of56this field and adding "weight" to the sum if the node matches57the corresponding matchExpressions; the node(s) with the58highest sum are the most preferred.59items:60description: An empty preferred scheduling term matches61all objects with implicit weight 0 (i.e. it's a no-op).62A null preferred scheduling term matches no objects (i.e.63is also a no-op).64properties:65preference:66description: A node selector term, associated with the67corresponding weight.68properties:69matchExpressions:70description: A list of node selector requirements71by node's labels.72items:73description: A node selector requirement is a74selector that contains values, a key, and an75operator that relates the key and values.76properties:77key:78description: The label key that the selector79applies to.80type: string81operator:82description: Represents a key's relationship83to a set of values. Valid operators are84In, NotIn, Exists, DoesNotExist. Gt, and85Lt.86type: string87values:88description: An array of string values. If89the operator is In or NotIn, the values90array must be non-empty. If the operator91is Exists or DoesNotExist, the values array92must be empty. If the operator is Gt or93Lt, the values array must have a single94element, which will be interpreted as an95integer. This array is replaced during a96strategic merge patch.97items:98type: string99type: array100required:101- key102- operator103type: object104type: array105matchFields:106description: A list of node selector requirements107by node's fields.108items:109description: A node selector requirement is a110selector that contains values, a key, and an111operator that relates the key and values.112properties:113key:114description: The label key that the selector115applies to.116type: string117operator:118description: Represents a key's relationship119to a set of values. Valid operators are120In, NotIn, Exists, DoesNotExist. Gt, and121Lt.122type: string123values:124description: An array of string values. If125the operator is In or NotIn, the values126array must be non-empty. If the operator127is Exists or DoesNotExist, the values array128must be empty. If the operator is Gt or129Lt, the values array must have a single130element, which will be interpreted as an131integer. This array is replaced during a132strategic merge patch.133items:134type: string135type: array136required:137- key138- operator139type: object140type: array141type: object142x-kubernetes-map-type: atomic143weight:144description: Weight associated with matching the corresponding145nodeSelectorTerm, in the range 1-100.146format: int32147type: integer148required:149- preference150- weight151type: object152type: array153requiredDuringSchedulingIgnoredDuringExecution:154description: If the affinity requirements specified by this155field are not met at scheduling time, the pod will not be156scheduled onto the node. If the affinity requirements specified157by this field cease to be met at some point during pod execution158(e.g. due to an update), the system may or may not try to159eventually evict the pod from its node.160properties:161nodeSelectorTerms:162description: Required. A list of node selector terms.163The terms are ORed.164items:165description: A null or empty node selector term matches166no objects. The requirements of them are ANDed. The167TopologySelectorTerm type implements a subset of the168NodeSelectorTerm.169properties:170matchExpressions:171description: A list of node selector requirements172by node's labels.173items:174description: A node selector requirement is a175selector that contains values, a key, and an176operator that relates the key and values.177properties:178key:179description: The label key that the selector180applies to.181type: string182operator:183description: Represents a key's relationship184to a set of values. Valid operators are185In, NotIn, Exists, DoesNotExist. Gt, and186Lt.187type: string188values:189description: An array of string values. If190the operator is In or NotIn, the values191array must be non-empty. If the operator192is Exists or DoesNotExist, the values array193must be empty. If the operator is Gt or194Lt, the values array must have a single195element, which will be interpreted as an196integer. This array is replaced during a197strategic merge patch.198items:199type: string200type: array201required:202- key203- operator204type: object205type: array206matchFields:207description: A list of node selector requirements208by node's fields.209items:210description: A node selector requirement is a211selector that contains values, a key, and an212operator that relates the key and values.213properties:214key:215description: The label key that the selector216applies to.217type: string218operator:219description: Represents a key's relationship220to a set of values. Valid operators are221In, NotIn, Exists, DoesNotExist. Gt, and222Lt.223type: string224values:225description: An array of string values. If226the operator is In or NotIn, the values227array must be non-empty. If the operator228is Exists or DoesNotExist, the values array229must be empty. If the operator is Gt or230Lt, the values array must have a single231element, which will be interpreted as an232integer. This array is replaced during a233strategic merge patch.234items:235type: string236type: array237required:238- key239- operator240type: object241type: array242type: object243x-kubernetes-map-type: atomic244type: array245required:246- nodeSelectorTerms247type: object248x-kubernetes-map-type: atomic249type: object250podAffinity:251description: Describes pod affinity scheduling rules (e.g. co-locate252this pod in the same node, zone, etc. as some other pod(s)).253properties:254preferredDuringSchedulingIgnoredDuringExecution:255description: The scheduler will prefer to schedule pods to256nodes that satisfy the affinity expressions specified by257this field, but it may choose a node that violates one or258more of the expressions. The node that is most preferred259is the one with the greatest sum of weights, i.e. for each260node that meets all of the scheduling requirements (resource261request, requiredDuringScheduling affinity expressions,262etc.), compute a sum by iterating through the elements of263this field and adding "weight" to the sum if the node has264pods which matches the corresponding podAffinityTerm; the265node(s) with the highest sum are the most preferred.266items:267description: The weights of all of the matched WeightedPodAffinityTerm268fields are added per-node to find the most preferred node(s)269properties:270podAffinityTerm:271description: Required. A pod affinity term, associated272with the corresponding weight.273properties:274labelSelector:275description: A label query over a set of resources,276in this case pods.277properties:278matchExpressions:279description: matchExpressions is a list of label280selector requirements. The requirements are281ANDed.282items:283description: A label selector requirement284is a selector that contains values, a key,285and an operator that relates the key and286values.287properties:288key:289description: key is the label key that290the selector applies to.291type: string292operator:293description: operator represents a key's294relationship to a set of values. Valid295operators are In, NotIn, Exists and296DoesNotExist.297type: string298values:299description: values is an array of string300values. If the operator is In or NotIn,301the values array must be non-empty.302If the operator is Exists or DoesNotExist,303the values array must be empty. This304array is replaced during a strategic305merge patch.306items:307type: string308type: array309required:310- key311- operator312type: object313type: array314matchLabels:315additionalProperties:316type: string317description: matchLabels is a map of {key,value}318pairs. A single {key,value} in the matchLabels319map is equivalent to an element of matchExpressions,320whose key field is "key", the operator is321"In", and the values array contains only "value".322The requirements are ANDed.323type: object324type: object325x-kubernetes-map-type: atomic326namespaceSelector:327description: A label query over the set of namespaces328that the term applies to. The term is applied329to the union of the namespaces selected by this330field and the ones listed in the namespaces field.331null selector and null or empty namespaces list332means "this pod's namespace". An empty selector333({}) matches all namespaces.334properties:335matchExpressions:336description: matchExpressions is a list of label337selector requirements. The requirements are338ANDed.339items:340description: A label selector requirement341is a selector that contains values, a key,342and an operator that relates the key and343values.344properties:345key:346description: key is the label key that347the selector applies to.348type: string349operator:350description: operator represents a key's351relationship to a set of values. Valid352operators are In, NotIn, Exists and353DoesNotExist.354type: string355values:356description: values is an array of string357values. If the operator is In or NotIn,358the values array must be non-empty.359If the operator is Exists or DoesNotExist,360the values array must be empty. This361array is replaced during a strategic362merge patch.363items:364type: string365type: array366required:367- key368- operator369type: object370type: array371matchLabels:372additionalProperties:373type: string374description: matchLabels is a map of {key,value}375pairs. A single {key,value} in the matchLabels376map is equivalent to an element of matchExpressions,377whose key field is "key", the operator is378"In", and the values array contains only "value".379The requirements are ANDed.380type: object381type: object382x-kubernetes-map-type: atomic383namespaces:384description: namespaces specifies a static list385of namespace names that the term applies to. The386term is applied to the union of the namespaces387listed in this field and the ones selected by388namespaceSelector. null or empty namespaces list389and null namespaceSelector means "this pod's namespace".390items:391type: string392type: array393topologyKey:394description: This pod should be co-located (affinity)395or not co-located (anti-affinity) with the pods396matching the labelSelector in the specified namespaces,397where co-located is defined as running on a node398whose value of the label with key topologyKey399matches that of any node on which any of the selected400pods is running. Empty topologyKey is not allowed.401type: string402required:403- topologyKey404type: object405weight:406description: weight associated with matching the corresponding407podAffinityTerm, in the range 1-100.408format: int32409type: integer410required:411- podAffinityTerm412- weight413type: object414type: array415requiredDuringSchedulingIgnoredDuringExecution:416description: If the affinity requirements specified by this417field are not met at scheduling time, the pod will not be418scheduled onto the node. If the affinity requirements specified419by this field cease to be met at some point during pod execution420(e.g. due to a pod label update), the system may or may421not try to eventually evict the pod from its node. When422there are multiple elements, the lists of nodes corresponding423to each podAffinityTerm are intersected, i.e. all terms424must be satisfied.425items:426description: Defines a set of pods (namely those matching427the labelSelector relative to the given namespace(s))428that this pod should be co-located (affinity) or not co-located429(anti-affinity) with, where co-located is defined as running430on a node whose value of the label with key <topologyKey>431matches that of any node on which a pod of the set of432pods is running433properties:434labelSelector:435description: A label query over a set of resources,436in this case pods.437properties:438matchExpressions:439description: matchExpressions is a list of label440selector requirements. The requirements are ANDed.441items:442description: A label selector requirement is a443selector that contains values, a key, and an444operator that relates the key and values.445properties:446key:447description: key is the label key that the448selector applies to.449type: string450operator:451description: operator represents a key's relationship452to a set of values. Valid operators are453In, NotIn, Exists and DoesNotExist.454type: string455values:456description: values is an array of string457values. If the operator is In or NotIn,458the values array must be non-empty. If the459operator is Exists or DoesNotExist, the460values array must be empty. This array is461replaced during a strategic merge patch.462items:463type: string464type: array465required:466- key467- operator468type: object469type: array470matchLabels:471additionalProperties:472type: string473description: matchLabels is a map of {key,value}474pairs. A single {key,value} in the matchLabels475map is equivalent to an element of matchExpressions,476whose key field is "key", the operator is "In",477and the values array contains only "value". The478requirements are ANDed.479type: object480type: object481x-kubernetes-map-type: atomic482namespaceSelector:483description: A label query over the set of namespaces484that the term applies to. The term is applied to the485union of the namespaces selected by this field and486the ones listed in the namespaces field. null selector487and null or empty namespaces list means "this pod's488namespace". An empty selector ({}) matches all namespaces.489properties:490matchExpressions:491description: matchExpressions is a list of label492selector requirements. The requirements are ANDed.493items:494description: A label selector requirement is a495selector that contains values, a key, and an496operator that relates the key and values.497properties:498key:499description: key is the label key that the500selector applies to.501type: string502operator:503description: operator represents a key's relationship504to a set of values. Valid operators are505In, NotIn, Exists and DoesNotExist.506type: string507values:508description: values is an array of string509values. If the operator is In or NotIn,510the values array must be non-empty. If the511operator is Exists or DoesNotExist, the512values array must be empty. This array is513replaced during a strategic merge patch.514items:515type: string516type: array517required:518- key519- operator520type: object521type: array522matchLabels:523additionalProperties:524type: string525description: matchLabels is a map of {key,value}526pairs. A single {key,value} in the matchLabels527map is equivalent to an element of matchExpressions,528whose key field is "key", the operator is "In",529and the values array contains only "value". The530requirements are ANDed.531type: object532type: object533x-kubernetes-map-type: atomic534namespaces:535description: namespaces specifies a static list of namespace536names that the term applies to. The term is applied537to the union of the namespaces listed in this field538and the ones selected by namespaceSelector. null or539empty namespaces list and null namespaceSelector means540"this pod's namespace".541items:542type: string543type: array544topologyKey:545description: This pod should be co-located (affinity)546or not co-located (anti-affinity) with the pods matching547the labelSelector in the specified namespaces, where548co-located is defined as running on a node whose value549of the label with key topologyKey matches that of550any node on which any of the selected pods is running.551Empty topologyKey is not allowed.552type: string553required:554- topologyKey555type: object556type: array557type: object558podAntiAffinity:559description: Describes pod anti-affinity scheduling rules (e.g.560avoid putting this pod in the same node, zone, etc. as some561other pod(s)).562properties:563preferredDuringSchedulingIgnoredDuringExecution:564description: The scheduler will prefer to schedule pods to565nodes that satisfy the anti-affinity expressions specified566by this field, but it may choose a node that violates one567or more of the expressions. The node that is most preferred568is the one with the greatest sum of weights, i.e. for each569node that meets all of the scheduling requirements (resource570request, requiredDuringScheduling anti-affinity expressions,571etc.), compute a sum by iterating through the elements of572this field and adding "weight" to the sum if the node has573pods which matches the corresponding podAffinityTerm; the574node(s) with the highest sum are the most preferred.575items:576description: The weights of all of the matched WeightedPodAffinityTerm577fields are added per-node to find the most preferred node(s)578properties:579podAffinityTerm:580description: Required. A pod affinity term, associated581with the corresponding weight.582properties:583labelSelector:584description: A label query over a set of resources,585in this case pods.586properties:587matchExpressions:588description: matchExpressions is a list of label589selector requirements. The requirements are590ANDed.591items:592description: A label selector requirement593is a selector that contains values, a key,594and an operator that relates the key and595values.596properties:597key:598description: key is the label key that599the selector applies to.600type: string601operator:602description: operator represents a key's603relationship to a set of values. Valid604operators are In, NotIn, Exists and605DoesNotExist.606type: string607values:608description: values is an array of string609values. If the operator is In or NotIn,610the values array must be non-empty.611If the operator is Exists or DoesNotExist,612the values array must be empty. This613array is replaced during a strategic614merge patch.615items:616type: string617type: array618required:619- key620- operator621type: object622type: array623matchLabels:624additionalProperties:625type: string626description: matchLabels is a map of {key,value}627pairs. A single {key,value} in the matchLabels628map is equivalent to an element of matchExpressions,629whose key field is "key", the operator is630"In", and the values array contains only "value".631The requirements are ANDed.632type: object633type: object634x-kubernetes-map-type: atomic635namespaceSelector:636description: A label query over the set of namespaces637that the term applies to. The term is applied638to the union of the namespaces selected by this639field and the ones listed in the namespaces field.640null selector and null or empty namespaces list641means "this pod's namespace". An empty selector642({}) matches all namespaces.643properties:644matchExpressions:645description: matchExpressions is a list of label646selector requirements. The requirements are647ANDed.648items:649description: A label selector requirement650is a selector that contains values, a key,651and an operator that relates the key and652values.653properties:654key:655description: key is the label key that656the selector applies to.657type: string658operator:659description: operator represents a key's660relationship to a set of values. Valid661operators are In, NotIn, Exists and662DoesNotExist.663type: string664values:665description: values is an array of string666values. If the operator is In or NotIn,667the values array must be non-empty.668If the operator is Exists or DoesNotExist,669the values array must be empty. This670array is replaced during a strategic671merge patch.672items:673type: string674type: array675required:676- key677- operator678type: object679type: array680matchLabels:681additionalProperties:682type: string683description: matchLabels is a map of {key,value}684pairs. A single {key,value} in the matchLabels685map is equivalent to an element of matchExpressions,686whose key field is "key", the operator is687"In", and the values array contains only "value".688The requirements are ANDed.689type: object690type: object691x-kubernetes-map-type: atomic692namespaces:693description: namespaces specifies a static list694of namespace names that the term applies to. The695term is applied to the union of the namespaces696listed in this field and the ones selected by697namespaceSelector. null or empty namespaces list698and null namespaceSelector means "this pod's namespace".699items:700type: string701type: array702topologyKey:703description: This pod should be co-located (affinity)704or not co-located (anti-affinity) with the pods705matching the labelSelector in the specified namespaces,706where co-located is defined as running on a node707whose value of the label with key topologyKey708matches that of any node on which any of the selected709pods is running. Empty topologyKey is not allowed.710type: string711required:712- topologyKey713type: object714weight:715description: weight associated with matching the corresponding716podAffinityTerm, in the range 1-100.717format: int32718type: integer719required:720- podAffinityTerm721- weight722type: object723type: array724requiredDuringSchedulingIgnoredDuringExecution:725description: If the anti-affinity requirements specified by726this field are not met at scheduling time, the pod will727not be scheduled onto the node. If the anti-affinity requirements728specified by this field cease to be met at some point during729pod execution (e.g. due to a pod label update), the system730may or may not try to eventually evict the pod from its731node. When there are multiple elements, the lists of nodes732corresponding to each podAffinityTerm are intersected, i.e.733all terms must be satisfied.734items:735description: Defines a set of pods (namely those matching736the labelSelector relative to the given namespace(s))737that this pod should be co-located (affinity) or not co-located738(anti-affinity) with, where co-located is defined as running739on a node whose value of the label with key <topologyKey>740matches that of any node on which a pod of the set of741pods is running742properties:743labelSelector:744description: A label query over a set of resources,745in this case pods.746properties:747matchExpressions:748description: matchExpressions is a list of label749selector requirements. The requirements are ANDed.750items:751description: A label selector requirement is a752selector that contains values, a key, and an753operator that relates the key and values.754properties:755key:756description: key is the label key that the757selector applies to.758type: string759operator:760description: operator represents a key's relationship761to a set of values. Valid operators are762In, NotIn, Exists and DoesNotExist.763type: string764values:765description: values is an array of string766values. If the operator is In or NotIn,767the values array must be non-empty. If the768operator is Exists or DoesNotExist, the769values array must be empty. This array is770replaced during a strategic merge patch.771items:772type: string773type: array774required:775- key776- operator777type: object778type: array779matchLabels:780additionalProperties:781type: string782description: matchLabels is a map of {key,value}783pairs. A single {key,value} in the matchLabels784map is equivalent to an element of matchExpressions,785whose key field is "key", the operator is "In",786and the values array contains only "value". The787requirements are ANDed.788type: object789type: object790x-kubernetes-map-type: atomic791namespaceSelector:792description: A label query over the set of namespaces793that the term applies to. The term is applied to the794union of the namespaces selected by this field and795the ones listed in the namespaces field. null selector796and null or empty namespaces list means "this pod's797namespace". An empty selector ({}) matches all namespaces.798properties:799matchExpressions:800description: matchExpressions is a list of label801selector requirements. The requirements are ANDed.802items:803description: A label selector requirement is a804selector that contains values, a key, and an805operator that relates the key and values.806properties:807key:808description: key is the label key that the809selector applies to.810type: string811operator:812description: operator represents a key's relationship813to a set of values. Valid operators are814In, NotIn, Exists and DoesNotExist.815type: string816values:817description: values is an array of string818values. If the operator is In or NotIn,819the values array must be non-empty. If the820operator is Exists or DoesNotExist, the821values array must be empty. This array is822replaced during a strategic merge patch.823items:824type: string825type: array826required:827- key828- operator829type: object830type: array831matchLabels:832additionalProperties:833type: string834description: matchLabels is a map of {key,value}835pairs. A single {key,value} in the matchLabels836map is equivalent to an element of matchExpressions,837whose key field is "key", the operator is "In",838and the values array contains only "value". The839requirements are ANDed.840type: object841type: object842x-kubernetes-map-type: atomic843namespaces:844description: namespaces specifies a static list of namespace845names that the term applies to. The term is applied846to the union of the namespaces listed in this field847and the ones selected by namespaceSelector. null or848empty namespaces list and null namespaceSelector means849"this pod's namespace".850items:851type: string852type: array853topologyKey:854description: This pod should be co-located (affinity)855or not co-located (anti-affinity) with the pods matching856the labelSelector in the specified namespaces, where857co-located is defined as running on a node whose value858of the label with key topologyKey matches that of859any node on which any of the selected pods is running.860Empty topologyKey is not allowed.861type: string862required:863- topologyKey864type: object865type: array866type: object867type: object868apiServer:869description: APIServerConfig lets you specify a host and auth methods870to access the Kubernetes API server. If left empty, the Agent assumes871that it is running inside of the cluster and will discover API servers872automatically and use the pod's CA certificate and bearer token873file at /var/run/secrets/kubernetes.io/serviceaccount.874properties:875authorization:876description: Authorization section for accessing apiserver877properties:878credentials:879description: The secret's key that contains the credentials880of the request881properties:882key:883description: The key of the secret to select from. Must884be a valid secret key.885type: string886name:887description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names888TODO: Add other useful fields. apiVersion, kind, uid?'889type: string890optional:891description: Specify whether the Secret or its key must892be defined893type: boolean894required:895- key896type: object897x-kubernetes-map-type: atomic898credentialsFile:899description: File to read a secret from, mutually exclusive900with Credentials (from SafeAuthorization)901type: string902type:903description: Set the authentication type. Defaults to Bearer,904Basic will cause an error905type: string906type: object907basicAuth:908description: BasicAuth allow an endpoint to authenticate over909basic authentication910properties:911password:912description: The secret in the service monitor namespace that913contains the password for authentication.914properties:915key:916description: The key of the secret to select from. Must917be a valid secret key.918type: string919name:920description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names921TODO: Add other useful fields. apiVersion, kind, uid?'922type: string923optional:924description: Specify whether the Secret or its key must925be defined926type: boolean927required:928- key929type: object930x-kubernetes-map-type: atomic931username:932description: The secret in the service monitor namespace that933contains the username for authentication.934properties:935key:936description: The key of the secret to select from. Must937be a valid secret key.938type: string939name:940description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names941TODO: Add other useful fields. apiVersion, kind, uid?'942type: string943optional:944description: Specify whether the Secret or its key must945be defined946type: boolean947required:948- key949type: object950x-kubernetes-map-type: atomic951type: object952bearerToken:953description: Bearer token for accessing apiserver.954type: string955bearerTokenFile:956description: File to read bearer token for accessing apiserver.957type: string958host:959description: Host of apiserver. A valid string consisting of a960hostname or IP followed by an optional port number961type: string962tlsConfig:963description: TLS Config to use for accessing apiserver.964properties:965ca:966description: Certificate authority used when verifying server967certificates.968properties:969configMap:970description: ConfigMap containing data to use for the971targets.972properties:973key:974description: The key to select.975type: string976name:977description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names978TODO: Add other useful fields. apiVersion, kind,979uid?'980type: string981optional:982description: Specify whether the ConfigMap or its983key must be defined984type: boolean985required:986- key987type: object988x-kubernetes-map-type: atomic989secret:990description: Secret containing data to use for the targets.991properties:992key:993description: The key of the secret to select from. Must994be a valid secret key.995type: string996name:997description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names998TODO: Add other useful fields. apiVersion, kind,999uid?'1000type: string1001optional:1002description: Specify whether the Secret or its key1003must be defined1004type: boolean1005required:1006- key1007type: object1008x-kubernetes-map-type: atomic1009type: object1010caFile:1011description: Path to the CA cert in the Prometheus container1012to use for the targets.1013type: string1014cert:1015description: Client certificate to present when doing client-authentication.1016properties:1017configMap:1018description: ConfigMap containing data to use for the1019targets.1020properties:1021key:1022description: The key to select.1023type: string1024name:1025description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names1026TODO: Add other useful fields. apiVersion, kind,1027uid?'1028type: string1029optional:1030description: Specify whether the ConfigMap or its1031key must be defined1032type: boolean1033required:1034- key1035type: object1036x-kubernetes-map-type: atomic1037secret:1038description: Secret containing data to use for the targets.1039properties:1040key:1041description: The key of the secret to select from. Must1042be a valid secret key.1043type: string1044name:1045description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names1046TODO: Add other useful fields. apiVersion, kind,1047uid?'1048type: string1049optional:1050description: Specify whether the Secret or its key1051must be defined1052type: boolean1053required:1054- key1055type: object1056x-kubernetes-map-type: atomic1057type: object1058certFile:1059description: Path to the client cert file in the Prometheus1060container for the targets.1061type: string1062insecureSkipVerify:1063description: Disable target certificate validation.1064type: boolean1065keyFile:1066description: Path to the client key file in the Prometheus1067container for the targets.1068type: string1069keySecret:1070description: Secret containing the client key file for the1071targets.1072properties:1073key:1074description: The key of the secret to select from. Must1075be a valid secret key.1076type: string1077name:1078description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names1079TODO: Add other useful fields. apiVersion, kind, uid?'1080type: string1081optional:1082description: Specify whether the Secret or its key must1083be defined1084type: boolean1085required:1086- key1087type: object1088x-kubernetes-map-type: atomic1089serverName:1090description: Used to verify the hostname for the targets.1091type: string1092type: object1093required:1094- host1095type: object1096configMaps:1097description: ConfigMaps is a list of config maps in the same namespace1098as the GrafanaAgent object which will be mounted into each running1099Grafana Agent pod. The ConfigMaps are mounted into /etc/grafana-agent/extra-configmaps/<configmap-name>.1100items:1101type: string1102type: array1103containers:1104description: 'Containers lets you inject additional containers or1105modify operator-generated containers. This can be used to add an1106authentication proxy to a Grafana Agent pod or to change the behavior1107of an operator-generated container. Containers described here modify1108an operator-generated container if they share the same name and1109if modifications are done via a strategic merge patch. The current1110container names are: `grafana-agent` and `config-reloader`. Overriding1111containers is entirely outside the scope of what the Grafana Agent1112team supports and by doing so, you accept that this behavior may1113break at any time without notice.'1114items:1115description: A single application container that you want to run1116within a pod.1117properties:1118args:1119description: 'Arguments to the entrypoint. The container image''s1120CMD is used if this is not provided. Variable references $(VAR_NAME)1121are expanded using the container''s environment. If a variable1122cannot be resolved, the reference in the input string will1123be unchanged. Double $$ are reduced to a single $, which allows1124for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will1125produce the string literal "$(VAR_NAME)". Escaped references1126will never be expanded, regardless of whether the variable1127exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#run-a-command-in-a-shell'1128items:1129type: string1130type: array1131command:1132description: 'Entrypoint array. Not executed within a shell.1133The container image''s ENTRYPOINT is used if this is not provided.1134Variable references $(VAR_NAME) are expanded using the container''s1135environment. If a variable cannot be resolved, the reference1136in the input string will be unchanged. Double $$ are reduced1137to a single $, which allows for escaping the $(VAR_NAME) syntax:1138i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".1139Escaped references will never be expanded, regardless of whether1140the variable exists or not. Cannot be updated. More info:1141https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#run-a-command-in-a-shell'1142items:1143type: string1144type: array1145env:1146description: List of environment variables to set in the container.1147Cannot be updated.1148items:1149description: EnvVar represents an environment variable present1150in a Container.1151properties:1152name:1153description: Name of the environment variable. Must be1154a C_IDENTIFIER.1155type: string1156value:1157description: 'Variable references $(VAR_NAME) are expanded1158using the previously defined environment variables in1159the container and any service environment variables.1160If a variable cannot be resolved, the reference in the1161input string will be unchanged. Double $$ are reduced1162to a single $, which allows for escaping the $(VAR_NAME)1163syntax: i.e. "$$(VAR_NAME)" will produce the string1164literal "$(VAR_NAME)". Escaped references will never1165be expanded, regardless of whether the variable exists1166or not. Defaults to "".'1167type: string1168valueFrom:1169description: Source for the environment variable's value.1170Cannot be used if value is not empty.1171properties:1172configMapKeyRef:1173description: Selects a key of a ConfigMap.1174properties:1175key:1176description: The key to select.1177type: string1178name:1179description: 'Name of the referent. More info:1180https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names1181TODO: Add other useful fields. apiVersion, kind,1182uid?'1183type: string1184optional:1185description: Specify whether the ConfigMap or1186its key must be defined1187type: boolean1188required:1189- key1190type: object1191x-kubernetes-map-type: atomic1192fieldRef:1193description: 'Selects a field of the pod: supports1194metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,1195`metadata.annotations[''<KEY>'']`, spec.nodeName,1196spec.serviceAccountName, status.hostIP, status.podIP,1197status.podIPs.'1198properties:1199apiVersion:1200description: Version of the schema the FieldPath1201is written in terms of, defaults to "v1".1202type: string1203fieldPath:1204description: Path of the field to select in the1205specified API version.1206type: string1207required:1208- fieldPath1209type: object1210x-kubernetes-map-type: atomic1211resourceFieldRef:1212description: 'Selects a resource of the container:1213only resources limits and requests (limits.cpu,1214limits.memory, limits.ephemeral-storage, requests.cpu,1215requests.memory and requests.ephemeral-storage)1216are currently supported.'1217properties:1218containerName:1219description: 'Container name: required for volumes,1220optional for env vars'1221type: string1222divisor:1223anyOf:1224- type: integer1225- type: string1226description: Specifies the output format of the1227exposed resources, defaults to "1"1228pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$1229x-kubernetes-int-or-string: true1230resource:1231description: 'Required: resource to select'1232type: string1233required:1234- resource1235type: object1236x-kubernetes-map-type: atomic1237secretKeyRef:1238description: Selects a key of a secret in the pod's1239namespace1240properties:1241key:1242description: The key of the secret to select from. Must1243be a valid secret key.1244type: string1245name:1246description: 'Name of the referent. More info:1247https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names1248TODO: Add other useful fields. apiVersion, kind,1249uid?'1250type: string1251optional:1252description: Specify whether the Secret or its1253key must be defined1254type: boolean1255required:1256- key1257type: object1258x-kubernetes-map-type: atomic1259type: object1260required:1261- name1262type: object1263type: array1264envFrom:1265description: List of sources to populate environment variables1266in the container. The keys defined within a source must be1267a C_IDENTIFIER. All invalid keys will be reported as an event1268when the container is starting. When a key exists in multiple1269sources, the value associated with the last source will take1270precedence. Values defined by an Env with a duplicate key1271will take precedence. Cannot be updated.1272items:1273description: EnvFromSource represents the source of a set1274of ConfigMaps1275properties:1276configMapRef:1277description: The ConfigMap to select from1278properties:1279name:1280description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names1281TODO: Add other useful fields. apiVersion, kind,1282uid?'1283type: string1284optional:1285description: Specify whether the ConfigMap must be1286defined1287type: boolean1288type: object1289x-kubernetes-map-type: atomic1290prefix:1291description: An optional identifier to prepend to each1292key in the ConfigMap. Must be a C_IDENTIFIER.1293type: string1294secretRef:1295description: The Secret to select from1296properties:1297name:1298description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names1299TODO: Add other useful fields. apiVersion, kind,1300uid?'1301type: string1302optional:1303description: Specify whether the Secret must be defined1304type: boolean1305type: object1306x-kubernetes-map-type: atomic1307type: object1308type: array1309image:1310description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images1311This field is optional to allow higher level config management1312to default or override container images in workload controllers1313like Deployments and StatefulSets.'1314type: string1315imagePullPolicy:1316description: 'Image pull policy. One of Always, Never, IfNotPresent.1317Defaults to Always if :latest tag is specified, or IfNotPresent1318otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'1319type: string1320lifecycle:1321description: Actions that the management system should take1322in response to container lifecycle events. Cannot be updated.1323properties:1324postStart:1325description: 'PostStart is called immediately after a container1326is created. If the handler fails, the container is terminated1327and restarted according to its restart policy. Other management1328of the container blocks until the hook completes. More1329info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'1330properties:1331exec:1332description: Exec specifies the action to take.1333properties:1334command:1335description: Command is the command line to execute1336inside the container, the working directory for1337the command is root ('/') in the container's1338filesystem. The command is simply exec'd, it is1339not run inside a shell, so traditional shell instructions1340('|', etc) won't work. To use a shell, you need1341to explicitly call out to that shell. Exit status1342of 0 is treated as live/healthy and non-zero is1343unhealthy.1344items:1345type: string1346type: array1347type: object1348httpGet:1349description: HTTPGet specifies the http request to perform.1350properties:1351host:1352description: Host name to connect to, defaults to1353the pod IP. You probably want to set "Host" in1354httpHeaders instead.1355type: string1356httpHeaders:1357description: Custom headers to set in the request.1358HTTP allows repeated headers.1359items:1360description: HTTPHeader describes a custom header1361to be used in HTTP probes1362properties:1363name:1364description: The header field name1365type: string1366value:1367description: The header field value1368type: string1369required:1370- name1371- value1372type: object1373type: array1374path:1375description: Path to access on the HTTP server.1376type: string1377port:1378anyOf:1379- type: integer1380- type: string1381description: Name or number of the port to access1382on the container. Number must be in the range13831 to 65535. Name must be an IANA_SVC_NAME.1384x-kubernetes-int-or-string: true1385scheme:1386description: Scheme to use for connecting to the1387host. Defaults to HTTP.1388type: string1389required:1390- port1391type: object1392tcpSocket:1393description: Deprecated. TCPSocket is NOT supported1394as a LifecycleHandler and kept for the backward compatibility.1395There are no validation of this field and lifecycle1396hooks will fail in runtime when tcp handler is specified.1397properties:1398host:1399description: 'Optional: Host name to connect to,1400defaults to the pod IP.'1401type: string1402port:1403anyOf:1404- type: integer1405- type: string1406description: Number or name of the port to access1407on the container. Number must be in the range14081 to 65535. Name must be an IANA_SVC_NAME.1409x-kubernetes-int-or-string: true1410required:1411- port1412type: object1413type: object1414preStop:1415description: 'PreStop is called immediately before a container1416is terminated due to an API request or management event1417such as liveness/startup probe failure, preemption, resource1418contention, etc. The handler is not called if the container1419crashes or exits. The Pod''s termination grace period1420countdown begins before the PreStop hook is executed.1421Regardless of the outcome of the handler, the container1422will eventually terminate within the Pod''s termination1423grace period (unless delayed by finalizers). Other management1424of the container blocks until the hook completes or until1425the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'1426properties:1427exec:1428description: Exec specifies the action to take.1429properties:1430command:1431description: Command is the command line to execute1432inside the container, the working directory for1433the command is root ('/') in the container's1434filesystem. The command is simply exec'd, it is1435not run inside a shell, so traditional shell instructions1436('|', etc) won't work. To use a shell, you need1437to explicitly call out to that shell. Exit status1438of 0 is treated as live/healthy and non-zero is1439unhealthy.1440items:1441type: string1442type: array1443type: object1444httpGet:1445description: HTTPGet specifies the http request to perform.1446properties:1447host:1448description: Host name to connect to, defaults to1449the pod IP. You probably want to set "Host" in1450httpHeaders instead.1451type: string1452httpHeaders:1453description: Custom headers to set in the request.1454HTTP allows repeated headers.1455items:1456description: HTTPHeader describes a custom header1457to be used in HTTP probes1458properties:1459name:1460description: The header field name1461type: string1462value:1463description: The header field value1464type: string1465required:1466- name1467- value1468type: object1469type: array1470path:1471description: Path to access on the HTTP server.1472type: string1473port:1474anyOf:1475- type: integer1476- type: string1477description: Name or number of the port to access1478on the container. Number must be in the range14791 to 65535. Name must be an IANA_SVC_NAME.1480x-kubernetes-int-or-string: true1481scheme:1482description: Scheme to use for connecting to the1483host. Defaults to HTTP.1484type: string1485required:1486- port1487type: object1488tcpSocket:1489description: Deprecated. TCPSocket is NOT supported1490as a LifecycleHandler and kept for the backward compatibility.1491There are no validation of this field and lifecycle1492hooks will fail in runtime when tcp handler is specified.1493properties:1494host:1495description: 'Optional: Host name to connect to,1496defaults to the pod IP.'1497type: string1498port:1499anyOf:1500- type: integer1501- type: string1502description: Number or name of the port to access1503on the container. Number must be in the range15041 to 65535. Name must be an IANA_SVC_NAME.1505x-kubernetes-int-or-string: true1506required:1507- port1508type: object1509type: object1510type: object1511livenessProbe:1512description: 'Periodic probe of container liveness. Container1513will be restarted if the probe fails. Cannot be updated. More1514info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'1515properties:1516exec:1517description: Exec specifies the action to take.1518properties:1519command:1520description: Command is the command line to execute1521inside the container, the working directory for the1522command is root ('/') in the container's filesystem.1523The command is simply exec'd, it is not run inside1524a shell, so traditional shell instructions ('|', etc)1525won't work. To use a shell, you need to explicitly1526call out to that shell. Exit status of 0 is treated1527as live/healthy and non-zero is unhealthy.1528items:1529type: string1530type: array1531type: object1532failureThreshold:1533description: Minimum consecutive failures for the probe1534to be considered failed after having succeeded. Defaults1535to 3. Minimum value is 1.1536format: int321537type: integer1538grpc:1539description: GRPC specifies an action involving a GRPC port.1540This is a beta field and requires enabling GRPCContainerProbe1541feature gate.1542properties:1543port:1544description: Port number of the gRPC service. Number1545must be in the range 1 to 65535.1546format: int321547type: integer1548service:1549description: "Service is the name of the service to1550place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).1551\n If this is not specified, the default behavior1552is defined by gRPC."1553type: string1554required:1555- port1556type: object1557httpGet:1558description: HTTPGet specifies the http request to perform.1559properties:1560host:1561description: Host name to connect to, defaults to the1562pod IP. You probably want to set "Host" in httpHeaders1563instead.1564type: string1565httpHeaders:1566description: Custom headers to set in the request. HTTP1567allows repeated headers.1568items:1569description: HTTPHeader describes a custom header1570to be used in HTTP probes1571properties:1572name:1573description: The header field name1574type: string1575value:1576description: The header field value1577type: string1578required:1579- name1580- value1581type: object1582type: array1583path:1584description: Path to access on the HTTP server.1585type: string1586port:1587anyOf:1588- type: integer1589- type: string1590description: Name or number of the port to access on1591the container. Number must be in the range 1 to 65535.1592Name must be an IANA_SVC_NAME.1593x-kubernetes-int-or-string: true1594scheme:1595description: Scheme to use for connecting to the host.1596Defaults to HTTP.1597type: string1598required:1599- port1600type: object1601initialDelaySeconds:1602description: 'Number of seconds after the container has1603started before liveness probes are initiated. More info:1604https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'1605format: int321606type: integer1607periodSeconds:1608description: How often (in seconds) to perform the probe.1609Default to 10 seconds. Minimum value is 1.1610format: int321611type: integer1612successThreshold:1613description: Minimum consecutive successes for the probe1614to be considered successful after having failed. Defaults1615to 1. Must be 1 for liveness and startup. Minimum value1616is 1.1617format: int321618type: integer1619tcpSocket:1620description: TCPSocket specifies an action involving a TCP1621port.1622properties:1623host:1624description: 'Optional: Host name to connect to, defaults1625to the pod IP.'1626type: string1627port:1628anyOf:1629- type: integer1630- type: string1631description: Number or name of the port to access on1632the container. Number must be in the range 1 to 65535.1633Name must be an IANA_SVC_NAME.1634x-kubernetes-int-or-string: true1635required:1636- port1637type: object1638terminationGracePeriodSeconds:1639description: Optional duration in seconds the pod needs1640to terminate gracefully upon probe failure. The grace1641period is the duration in seconds after the processes1642running in the pod are sent a termination signal and the1643time when the processes are forcibly halted with a kill1644signal. Set this value longer than the expected cleanup1645time for your process. If this value is nil, the pod's1646terminationGracePeriodSeconds will be used. Otherwise,1647this value overrides the value provided by the pod spec.1648Value must be non-negative integer. The value zero indicates1649stop immediately via the kill signal (no opportunity to1650shut down). This is a beta field and requires enabling1651ProbeTerminationGracePeriod feature gate. Minimum value1652is 1. spec.terminationGracePeriodSeconds is used if unset.1653format: int641654type: integer1655timeoutSeconds:1656description: 'Number of seconds after which the probe times1657out. Defaults to 1 second. Minimum value is 1. More info:1658https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'1659format: int321660type: integer1661type: object1662name:1663description: Name of the container specified as a DNS_LABEL.1664Each container in a pod must have a unique name (DNS_LABEL).1665Cannot be updated.1666type: string1667ports:1668description: List of ports to expose from the container. Not1669specifying a port here DOES NOT prevent that port from being1670exposed. Any port which is listening on the default "0.0.0.0"1671address inside a container will be accessible from the network.1672Modifying this array with strategic merge patch may corrupt1673the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.1674Cannot be updated.1675items:1676description: ContainerPort represents a network port in a1677single container.1678properties:1679containerPort:1680description: Number of port to expose on the pod's IP1681address. This must be a valid port number, 0 < x < 65536.1682format: int321683type: integer1684hostIP:1685description: What host IP to bind the external port to.1686type: string1687hostPort:1688description: Number of port to expose on the host. If1689specified, this must be a valid port number, 0 < x <169065536. If HostNetwork is specified, this must match1691ContainerPort. Most containers do not need this.1692format: int321693type: integer1694name:1695description: If specified, this must be an IANA_SVC_NAME1696and unique within the pod. Each named port in a pod1697must have a unique name. Name for the port that can1698be referred to by services.1699type: string1700protocol:1701default: TCP1702description: Protocol for port. Must be UDP, TCP, or SCTP.1703Defaults to "TCP".1704type: string1705required:1706- containerPort1707type: object1708type: array1709x-kubernetes-list-map-keys:1710- containerPort1711- protocol1712x-kubernetes-list-type: map1713readinessProbe:1714description: 'Periodic probe of container service readiness.1715Container will be removed from service endpoints if the probe1716fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'1717properties:1718exec:1719description: Exec specifies the action to take.1720properties:1721command:1722description: Command is the command line to execute1723inside the container, the working directory for the1724command is root ('/') in the container's filesystem.1725The command is simply exec'd, it is not run inside1726a shell, so traditional shell instructions ('|', etc)1727won't work. To use a shell, you need to explicitly1728call out to that shell. Exit status of 0 is treated1729as live/healthy and non-zero is unhealthy.1730items:1731type: string1732type: array1733type: object1734failureThreshold:1735description: Minimum consecutive failures for the probe1736to be considered failed after having succeeded. Defaults1737to 3. Minimum value is 1.1738format: int321739type: integer1740grpc:1741description: GRPC specifies an action involving a GRPC port.1742This is a beta field and requires enabling GRPCContainerProbe1743feature gate.1744properties:1745port:1746description: Port number of the gRPC service. Number1747must be in the range 1 to 65535.1748format: int321749type: integer1750service:1751description: "Service is the name of the service to1752place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).1753\n If this is not specified, the default behavior1754is defined by gRPC."1755type: string1756required:1757- port1758type: object1759httpGet:1760description: HTTPGet specifies the http request to perform.1761properties:1762host:1763description: Host name to connect to, defaults to the1764pod IP. You probably want to set "Host" in httpHeaders1765instead.1766type: string1767httpHeaders:1768description: Custom headers to set in the request. HTTP1769allows repeated headers.1770items:1771description: HTTPHeader describes a custom header1772to be used in HTTP probes1773properties:1774name:1775description: The header field name1776type: string1777value:1778description: The header field value1779type: string1780required:1781- name1782- value1783type: object1784type: array1785path:1786description: Path to access on the HTTP server.1787type: string1788port:1789anyOf:1790- type: integer1791- type: string1792description: Name or number of the port to access on1793the container. Number must be in the range 1 to 65535.1794Name must be an IANA_SVC_NAME.1795x-kubernetes-int-or-string: true1796scheme:1797description: Scheme to use for connecting to the host.1798Defaults to HTTP.1799type: string1800required:1801- port1802type: object1803initialDelaySeconds:1804description: 'Number of seconds after the container has1805started before liveness probes are initiated. More info:1806https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'1807format: int321808type: integer1809periodSeconds:1810description: How often (in seconds) to perform the probe.1811Default to 10 seconds. Minimum value is 1.1812format: int321813type: integer1814successThreshold:1815description: Minimum consecutive successes for the probe1816to be considered successful after having failed. Defaults1817to 1. Must be 1 for liveness and startup. Minimum value1818is 1.1819format: int321820type: integer1821tcpSocket:1822description: TCPSocket specifies an action involving a TCP1823port.1824properties:1825host:1826description: 'Optional: Host name to connect to, defaults1827to the pod IP.'1828type: string1829port:1830anyOf:1831- type: integer1832- type: string1833description: Number or name of the port to access on1834the container. Number must be in the range 1 to 65535.1835Name must be an IANA_SVC_NAME.1836x-kubernetes-int-or-string: true1837required:1838- port1839type: object1840terminationGracePeriodSeconds:1841description: Optional duration in seconds the pod needs1842to terminate gracefully upon probe failure. The grace1843period is the duration in seconds after the processes1844running in the pod are sent a termination signal and the1845time when the processes are forcibly halted with a kill1846signal. Set this value longer than the expected cleanup1847time for your process. If this value is nil, the pod's1848terminationGracePeriodSeconds will be used. Otherwise,1849this value overrides the value provided by the pod spec.1850Value must be non-negative integer. The value zero indicates1851stop immediately via the kill signal (no opportunity to1852shut down). This is a beta field and requires enabling1853ProbeTerminationGracePeriod feature gate. Minimum value1854is 1. spec.terminationGracePeriodSeconds is used if unset.1855format: int641856type: integer1857timeoutSeconds:1858description: 'Number of seconds after which the probe times1859out. Defaults to 1 second. Minimum value is 1. More info:1860https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'1861format: int321862type: integer1863type: object1864resources:1865description: 'Compute Resources required by this container.1866Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'1867properties:1868limits:1869additionalProperties:1870anyOf:1871- type: integer1872- type: string1873pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$1874x-kubernetes-int-or-string: true1875description: 'Limits describes the maximum amount of compute1876resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'1877type: object1878requests:1879additionalProperties:1880anyOf:1881- type: integer1882- type: string1883pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$1884x-kubernetes-int-or-string: true1885description: 'Requests describes the minimum amount of compute1886resources required. If Requests is omitted for a container,1887it defaults to Limits if that is explicitly specified,1888otherwise to an implementation-defined value. More info:1889https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'1890type: object1891type: object1892securityContext:1893description: 'SecurityContext defines the security options the1894container should be run with. If set, the fields of SecurityContext1895override the equivalent fields of PodSecurityContext. More1896info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'1897properties:1898allowPrivilegeEscalation:1899description: 'AllowPrivilegeEscalation controls whether1900a process can gain more privileges than its parent process.1901This bool directly controls if the no_new_privs flag will1902be set on the container process. AllowPrivilegeEscalation1903is true always when the container is: 1) run as Privileged19042) has CAP_SYS_ADMIN Note that this field cannot be set1905when spec.os.name is windows.'1906type: boolean1907capabilities:1908description: The capabilities to add/drop when running containers.1909Defaults to the default set of capabilities granted by1910the container runtime. Note that this field cannot be1911set when spec.os.name is windows.1912properties:1913add:1914description: Added capabilities1915items:1916description: Capability represent POSIX capabilities1917type1918type: string1919type: array1920drop:1921description: Removed capabilities1922items:1923description: Capability represent POSIX capabilities1924type1925type: string1926type: array1927type: object1928privileged:1929description: Run container in privileged mode. Processes1930in privileged containers are essentially equivalent to1931root on the host. Defaults to false. Note that this field1932cannot be set when spec.os.name is windows.1933type: boolean1934procMount:1935description: procMount denotes the type of proc mount to1936use for the containers. The default is DefaultProcMount1937which uses the container runtime defaults for readonly1938paths and masked paths. This requires the ProcMountType1939feature flag to be enabled. Note that this field cannot1940be set when spec.os.name is windows.1941type: string1942readOnlyRootFilesystem:1943description: Whether this container has a read-only root1944filesystem. Default is false. Note that this field cannot1945be set when spec.os.name is windows.1946type: boolean1947runAsGroup:1948description: The GID to run the entrypoint of the container1949process. Uses runtime default if unset. May also be set1950in PodSecurityContext. If set in both SecurityContext1951and PodSecurityContext, the value specified in SecurityContext1952takes precedence. Note that this field cannot be set when1953spec.os.name is windows.1954format: int641955type: integer1956runAsNonRoot:1957description: Indicates that the container must run as a1958non-root user. If true, the Kubelet will validate the1959image at runtime to ensure that it does not run as UID19600 (root) and fail to start the container if it does. If1961unset or false, no such validation will be performed.1962May also be set in PodSecurityContext. If set in both1963SecurityContext and PodSecurityContext, the value specified1964in SecurityContext takes precedence.1965type: boolean1966runAsUser:1967description: The UID to run the entrypoint of the container1968process. Defaults to user specified in image metadata1969if unspecified. May also be set in PodSecurityContext. If1970set in both SecurityContext and PodSecurityContext, the1971value specified in SecurityContext takes precedence. Note1972that this field cannot be set when spec.os.name is windows.1973format: int641974type: integer1975seLinuxOptions:1976description: The SELinux context to be applied to the container.1977If unspecified, the container runtime will allocate a1978random SELinux context for each container. May also be1979set in PodSecurityContext. If set in both SecurityContext1980and PodSecurityContext, the value specified in SecurityContext1981takes precedence. Note that this field cannot be set when1982spec.os.name is windows.1983properties:1984level:1985description: Level is SELinux level label that applies1986to the container.1987type: string1988role:1989description: Role is a SELinux role label that applies1990to the container.1991type: string1992type:1993description: Type is a SELinux type label that applies1994to the container.1995type: string1996user:1997description: User is a SELinux user label that applies1998to the container.1999type: string2000type: object2001seccompProfile:2002description: The seccomp options to use by this container.2003If seccomp options are provided at both the pod & container2004level, the container options override the pod options.2005Note that this field cannot be set when spec.os.name is2006windows.2007properties:2008localhostProfile:2009description: localhostProfile indicates a profile defined2010in a file on the node should be used. The profile2011must be preconfigured on the node to work. Must be2012a descending path, relative to the kubelet's configured2013seccomp profile location. Must only be set if type2014is "Localhost".2015type: string2016type:2017description: "type indicates which kind of seccomp profile2018will be applied. Valid options are: \n Localhost -2019a profile defined in a file on the node should be2020used. RuntimeDefault - the container runtime default2021profile should be used. Unconfined - no profile should2022be applied."2023type: string2024required:2025- type2026type: object2027windowsOptions:2028description: The Windows specific settings applied to all2029containers. If unspecified, the options from the PodSecurityContext2030will be used. If set in both SecurityContext and PodSecurityContext,2031the value specified in SecurityContext takes precedence.2032Note that this field cannot be set when spec.os.name is2033linux.2034properties:2035gmsaCredentialSpec:2036description: GMSACredentialSpec is where the GMSA admission2037webhook (https://github.com/kubernetes-sigs/windows-gmsa)2038inlines the contents of the GMSA credential spec named2039by the GMSACredentialSpecName field.2040type: string2041gmsaCredentialSpecName:2042description: GMSACredentialSpecName is the name of the2043GMSA credential spec to use.2044type: string2045hostProcess:2046description: HostProcess determines if a container should2047be run as a 'Host Process' container. This field is2048alpha-level and will only be honored by components2049that enable the WindowsHostProcessContainers feature2050flag. Setting this field without the feature flag2051will result in errors when validating the Pod. All2052of a Pod's containers must have the same effective2053HostProcess value (it is not allowed to have a mix2054of HostProcess containers and non-HostProcess containers). In2055addition, if HostProcess is true then HostNetwork2056must also be set to true.2057type: boolean2058runAsUserName:2059description: The UserName in Windows to run the entrypoint2060of the container process. Defaults to the user specified2061in image metadata if unspecified. May also be set2062in PodSecurityContext. If set in both SecurityContext2063and PodSecurityContext, the value specified in SecurityContext2064takes precedence.2065type: string2066type: object2067type: object2068startupProbe:2069description: 'StartupProbe indicates that the Pod has successfully2070initialized. If specified, no other probes are executed until2071this completes successfully. If this probe fails, the Pod2072will be restarted, just as if the livenessProbe failed. This2073can be used to provide different probe parameters at the beginning2074of a Pod''s lifecycle, when it might take a long time to load2075data or warm a cache, than during steady-state operation.2076This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'2077properties:2078exec:2079description: Exec specifies the action to take.2080properties:2081command:2082description: Command is the command line to execute2083inside the container, the working directory for the2084command is root ('/') in the container's filesystem.2085The command is simply exec'd, it is not run inside2086a shell, so traditional shell instructions ('|', etc)2087won't work. To use a shell, you need to explicitly2088call out to that shell. Exit status of 0 is treated2089as live/healthy and non-zero is unhealthy.2090items:2091type: string2092type: array2093type: object2094failureThreshold:2095description: Minimum consecutive failures for the probe2096to be considered failed after having succeeded. Defaults2097to 3. Minimum value is 1.2098format: int322099type: integer2100grpc:2101description: GRPC specifies an action involving a GRPC port.2102This is a beta field and requires enabling GRPCContainerProbe2103feature gate.2104properties:2105port:2106description: Port number of the gRPC service. Number2107must be in the range 1 to 65535.2108format: int322109type: integer2110service:2111description: "Service is the name of the service to2112place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).2113\n If this is not specified, the default behavior2114is defined by gRPC."2115type: string2116required:2117- port2118type: object2119httpGet:2120description: HTTPGet specifies the http request to perform.2121properties:2122host:2123description: Host name to connect to, defaults to the2124pod IP. You probably want to set "Host" in httpHeaders2125instead.2126type: string2127httpHeaders:2128description: Custom headers to set in the request. HTTP2129allows repeated headers.2130items:2131description: HTTPHeader describes a custom header2132to be used in HTTP probes2133properties:2134name:2135description: The header field name2136type: string2137value:2138description: The header field value2139type: string2140required:2141- name2142- value2143type: object2144type: array2145path:2146description: Path to access on the HTTP server.2147type: string2148port:2149anyOf:2150- type: integer2151- type: string2152description: Name or number of the port to access on2153the container. Number must be in the range 1 to 65535.2154Name must be an IANA_SVC_NAME.2155x-kubernetes-int-or-string: true2156scheme:2157description: Scheme to use for connecting to the host.2158Defaults to HTTP.2159type: string2160required:2161- port2162type: object2163initialDelaySeconds:2164description: 'Number of seconds after the container has2165started before liveness probes are initiated. More info:2166https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'2167format: int322168type: integer2169periodSeconds:2170description: How often (in seconds) to perform the probe.2171Default to 10 seconds. Minimum value is 1.2172format: int322173type: integer2174successThreshold:2175description: Minimum consecutive successes for the probe2176to be considered successful after having failed. Defaults2177to 1. Must be 1 for liveness and startup. Minimum value2178is 1.2179format: int322180type: integer2181tcpSocket:2182description: TCPSocket specifies an action involving a TCP2183port.2184properties:2185host:2186description: 'Optional: Host name to connect to, defaults2187to the pod IP.'2188type: string2189port:2190anyOf:2191- type: integer2192- type: string2193description: Number or name of the port to access on2194the container. Number must be in the range 1 to 65535.2195Name must be an IANA_SVC_NAME.2196x-kubernetes-int-or-string: true2197required:2198- port2199type: object2200terminationGracePeriodSeconds:2201description: Optional duration in seconds the pod needs2202to terminate gracefully upon probe failure. The grace2203period is the duration in seconds after the processes2204running in the pod are sent a termination signal and the2205time when the processes are forcibly halted with a kill2206signal. Set this value longer than the expected cleanup2207time for your process. If this value is nil, the pod's2208terminationGracePeriodSeconds will be used. Otherwise,2209this value overrides the value provided by the pod spec.2210Value must be non-negative integer. The value zero indicates2211stop immediately via the kill signal (no opportunity to2212shut down). This is a beta field and requires enabling2213ProbeTerminationGracePeriod feature gate. Minimum value2214is 1. spec.terminationGracePeriodSeconds is used if unset.2215format: int642216type: integer2217timeoutSeconds:2218description: 'Number of seconds after which the probe times2219out. Defaults to 1 second. Minimum value is 1. More info:2220https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'2221format: int322222type: integer2223type: object2224stdin:2225description: Whether this container should allocate a buffer2226for stdin in the container runtime. If this is not set, reads2227from stdin in the container will always result in EOF. Default2228is false.2229type: boolean2230stdinOnce:2231description: Whether the container runtime should close the2232stdin channel after it has been opened by a single attach.2233When stdin is true the stdin stream will remain open across2234multiple attach sessions. If stdinOnce is set to true, stdin2235is opened on container start, is empty until the first client2236attaches to stdin, and then remains open and accepts data2237until the client disconnects, at which time stdin is closed2238and remains closed until the container is restarted. If this2239flag is false, a container processes that reads from stdin2240will never receive an EOF. Default is false2241type: boolean2242terminationMessagePath:2243description: 'Optional: Path at which the file to which the2244container''s termination message will be written is mounted2245into the container''s filesystem. Message written is intended2246to be brief final status, such as an assertion failure message.2247Will be truncated by the node if greater than 4096 bytes.2248The total message length across all containers will be limited2249to 12kb. Defaults to /dev/termination-log. Cannot be updated.'2250type: string2251terminationMessagePolicy:2252description: Indicate how the termination message should be2253populated. File will use the contents of terminationMessagePath2254to populate the container status message on both success and2255failure. FallbackToLogsOnError will use the last chunk of2256container log output if the termination message file is empty2257and the container exited with an error. The log output is2258limited to 2048 bytes or 80 lines, whichever is smaller. Defaults2259to File. Cannot be updated.2260type: string2261tty:2262description: Whether this container should allocate a TTY for2263itself, also requires 'stdin' to be true. Default is false.2264type: boolean2265volumeDevices:2266description: volumeDevices is the list of block devices to be2267used by the container.2268items:2269description: volumeDevice describes a mapping of a raw block2270device within a container.2271properties:2272devicePath:2273description: devicePath is the path inside of the container2274that the device will be mapped to.2275type: string2276name:2277description: name must match the name of a persistentVolumeClaim2278in the pod2279type: string2280required:2281- devicePath2282- name2283type: object2284type: array2285volumeMounts:2286description: Pod volumes to mount into the container's filesystem.2287Cannot be updated.2288items:2289description: VolumeMount describes a mounting of a Volume2290within a container.2291properties:2292mountPath:2293description: Path within the container at which the volume2294should be mounted. Must not contain ':'.2295type: string2296mountPropagation:2297description: mountPropagation determines how mounts are2298propagated from the host to container and the other2299way around. When not set, MountPropagationNone is used.2300This field is beta in 1.10.2301type: string2302name:2303description: This must match the Name of a Volume.2304type: string2305readOnly:2306description: Mounted read-only if true, read-write otherwise2307(false or unspecified). Defaults to false.2308type: boolean2309subPath:2310description: Path within the volume from which the container's2311volume should be mounted. Defaults to "" (volume's root).2312type: string2313subPathExpr:2314description: Expanded path within the volume from which2315the container's volume should be mounted. Behaves similarly2316to SubPath but environment variable references $(VAR_NAME)2317are expanded using the container's environment. Defaults2318to "" (volume's root). SubPathExpr and SubPath are mutually2319exclusive.2320type: string2321required:2322- mountPath2323- name2324type: object2325type: array2326workingDir:2327description: Container's working directory. If not specified,2328the container runtime's default will be used, which might2329be configured in the container image. Cannot be updated.2330type: string2331required:2332- name2333type: object2334type: array2335disableReporting:2336default: false2337description: disableReporting disables reporting of enabled feature2338flags to Grafana.2339type: boolean2340disableSupportBundle:2341default: false2342description: disableSupportBundle disables the generation of support2343bundles.2344type: boolean2345enableConfigReadAPI:2346default: false2347description: enableConfigReadAPI enables the read API for viewing2348the currently running config port 8080 on the agent.2349type: boolean2350image:2351description: Image, when specified, overrides the image used to run2352Agent. Specify the image along with a tag. You still need to set2353the version to ensure Grafana Agent Operator knows which version2354of Grafana Agent is being configured.2355type: string2356imagePullSecrets:2357description: 'ImagePullSecrets holds an optional list of references2358to Secrets within the same namespace used for pulling the Grafana2359Agent image from registries. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod'2360items:2361description: LocalObjectReference contains enough information to2362let you locate the referenced object inside the same namespace.2363properties:2364name:2365description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names2366TODO: Add other useful fields. apiVersion, kind, uid?'2367type: string2368type: object2369x-kubernetes-map-type: atomic2370type: array2371initContainers:2372description: 'InitContainers let you add initContainers to the pod2373definition. These can be used to, for example, fetch secrets for2374injection into the Grafana Agent configuration from external sources.2375Errors during the execution of an initContainer cause the pod to2376restart. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/2377Using initContainers for any use case other than secret fetching2378is entirely outside the scope of what the Grafana Agent maintainers2379support and by doing so, you accept that this behavior may break2380at any time without notice.'2381items:2382description: A single application container that you want to run2383within a pod.2384properties:2385args:2386description: 'Arguments to the entrypoint. The container image''s2387CMD is used if this is not provided. Variable references $(VAR_NAME)2388are expanded using the container''s environment. If a variable2389cannot be resolved, the reference in the input string will2390be unchanged. Double $$ are reduced to a single $, which allows2391for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will2392produce the string literal "$(VAR_NAME)". Escaped references2393will never be expanded, regardless of whether the variable2394exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#run-a-command-in-a-shell'2395items:2396type: string2397type: array2398command:2399description: 'Entrypoint array. Not executed within a shell.2400The container image''s ENTRYPOINT is used if this is not provided.2401Variable references $(VAR_NAME) are expanded using the container''s2402environment. If a variable cannot be resolved, the reference2403in the input string will be unchanged. Double $$ are reduced2404to a single $, which allows for escaping the $(VAR_NAME) syntax:2405i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".2406Escaped references will never be expanded, regardless of whether2407the variable exists or not. Cannot be updated. More info:2408https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#run-a-command-in-a-shell'2409items:2410type: string2411type: array2412env:2413description: List of environment variables to set in the container.2414Cannot be updated.2415items:2416description: EnvVar represents an environment variable present2417in a Container.2418properties:2419name:2420description: Name of the environment variable. Must be2421a C_IDENTIFIER.2422type: string2423value:2424description: 'Variable references $(VAR_NAME) are expanded2425using the previously defined environment variables in2426the container and any service environment variables.2427If a variable cannot be resolved, the reference in the2428input string will be unchanged. Double $$ are reduced2429to a single $, which allows for escaping the $(VAR_NAME)2430syntax: i.e. "$$(VAR_NAME)" will produce the string2431literal "$(VAR_NAME)". Escaped references will never2432be expanded, regardless of whether the variable exists2433or not. Defaults to "".'2434type: string2435valueFrom:2436description: Source for the environment variable's value.2437Cannot be used if value is not empty.2438properties:2439configMapKeyRef:2440description: Selects a key of a ConfigMap.2441properties:2442key:2443description: The key to select.2444type: string2445name:2446description: 'Name of the referent. More info:2447https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names2448TODO: Add other useful fields. apiVersion, kind,2449uid?'2450type: string2451optional:2452description: Specify whether the ConfigMap or2453its key must be defined2454type: boolean2455required:2456- key2457type: object2458x-kubernetes-map-type: atomic2459fieldRef:2460description: 'Selects a field of the pod: supports2461metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,2462`metadata.annotations[''<KEY>'']`, spec.nodeName,2463spec.serviceAccountName, status.hostIP, status.podIP,2464status.podIPs.'2465properties:2466apiVersion:2467description: Version of the schema the FieldPath2468is written in terms of, defaults to "v1".2469type: string2470fieldPath:2471description: Path of the field to select in the2472specified API version.2473type: string2474required:2475- fieldPath2476type: object2477x-kubernetes-map-type: atomic2478resourceFieldRef:2479description: 'Selects a resource of the container:2480only resources limits and requests (limits.cpu,2481limits.memory, limits.ephemeral-storage, requests.cpu,2482requests.memory and requests.ephemeral-storage)2483are currently supported.'2484properties:2485containerName:2486description: 'Container name: required for volumes,2487optional for env vars'2488type: string2489divisor:2490anyOf:2491- type: integer2492- type: string2493description: Specifies the output format of the2494exposed resources, defaults to "1"2495pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$2496x-kubernetes-int-or-string: true2497resource:2498description: 'Required: resource to select'2499type: string2500required:2501- resource2502type: object2503x-kubernetes-map-type: atomic2504secretKeyRef:2505description: Selects a key of a secret in the pod's2506namespace2507properties:2508key:2509description: The key of the secret to select from. Must2510be a valid secret key.2511type: string2512name:2513description: 'Name of the referent. More info:2514https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names2515TODO: Add other useful fields. apiVersion, kind,2516uid?'2517type: string2518optional:2519description: Specify whether the Secret or its2520key must be defined2521type: boolean2522required:2523- key2524type: object2525x-kubernetes-map-type: atomic2526type: object2527required:2528- name2529type: object2530type: array2531envFrom:2532description: List of sources to populate environment variables2533in the container. The keys defined within a source must be2534a C_IDENTIFIER. All invalid keys will be reported as an event2535when the container is starting. When a key exists in multiple2536sources, the value associated with the last source will take2537precedence. Values defined by an Env with a duplicate key2538will take precedence. Cannot be updated.2539items:2540description: EnvFromSource represents the source of a set2541of ConfigMaps2542properties:2543configMapRef:2544description: The ConfigMap to select from2545properties:2546name:2547description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names2548TODO: Add other useful fields. apiVersion, kind,2549uid?'2550type: string2551optional:2552description: Specify whether the ConfigMap must be2553defined2554type: boolean2555type: object2556x-kubernetes-map-type: atomic2557prefix:2558description: An optional identifier to prepend to each2559key in the ConfigMap. Must be a C_IDENTIFIER.2560type: string2561secretRef:2562description: The Secret to select from2563properties:2564name:2565description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names2566TODO: Add other useful fields. apiVersion, kind,2567uid?'2568type: string2569optional:2570description: Specify whether the Secret must be defined2571type: boolean2572type: object2573x-kubernetes-map-type: atomic2574type: object2575type: array2576image:2577description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images2578This field is optional to allow higher level config management2579to default or override container images in workload controllers2580like Deployments and StatefulSets.'2581type: string2582imagePullPolicy:2583description: 'Image pull policy. One of Always, Never, IfNotPresent.2584Defaults to Always if :latest tag is specified, or IfNotPresent2585otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'2586type: string2587lifecycle:2588description: Actions that the management system should take2589in response to container lifecycle events. Cannot be updated.2590properties:2591postStart:2592description: 'PostStart is called immediately after a container2593is created. If the handler fails, the container is terminated2594and restarted according to its restart policy. Other management2595of the container blocks until the hook completes. More2596info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'2597properties:2598exec:2599description: Exec specifies the action to take.2600properties:2601command:2602description: Command is the command line to execute2603inside the container, the working directory for2604the command is root ('/') in the container's2605filesystem. The command is simply exec'd, it is2606not run inside a shell, so traditional shell instructions2607('|', etc) won't work. To use a shell, you need2608to explicitly call out to that shell. Exit status2609of 0 is treated as live/healthy and non-zero is2610unhealthy.2611items:2612type: string2613type: array2614type: object2615httpGet:2616description: HTTPGet specifies the http request to perform.2617properties:2618host:2619description: Host name to connect to, defaults to2620the pod IP. You probably want to set "Host" in2621httpHeaders instead.2622type: string2623httpHeaders:2624description: Custom headers to set in the request.2625HTTP allows repeated headers.2626items:2627description: HTTPHeader describes a custom header2628to be used in HTTP probes2629properties:2630name:2631description: The header field name2632type: string2633value:2634description: The header field value2635type: string2636required:2637- name2638- value2639type: object2640type: array2641path:2642description: Path to access on the HTTP server.2643type: string2644port:2645anyOf:2646- type: integer2647- type: string2648description: Name or number of the port to access2649on the container. Number must be in the range26501 to 65535. Name must be an IANA_SVC_NAME.2651x-kubernetes-int-or-string: true2652scheme:2653description: Scheme to use for connecting to the2654host. Defaults to HTTP.2655type: string2656required:2657- port2658type: object2659tcpSocket:2660description: Deprecated. TCPSocket is NOT supported2661as a LifecycleHandler and kept for the backward compatibility.2662There are no validation of this field and lifecycle2663hooks will fail in runtime when tcp handler is specified.2664properties:2665host:2666description: 'Optional: Host name to connect to,2667defaults to the pod IP.'2668type: string2669port:2670anyOf:2671- type: integer2672- type: string2673description: Number or name of the port to access2674on the container. Number must be in the range26751 to 65535. Name must be an IANA_SVC_NAME.2676x-kubernetes-int-or-string: true2677required:2678- port2679type: object2680type: object2681preStop:2682description: 'PreStop is called immediately before a container2683is terminated due to an API request or management event2684such as liveness/startup probe failure, preemption, resource2685contention, etc. The handler is not called if the container2686crashes or exits. The Pod''s termination grace period2687countdown begins before the PreStop hook is executed.2688Regardless of the outcome of the handler, the container2689will eventually terminate within the Pod''s termination2690grace period (unless delayed by finalizers). Other management2691of the container blocks until the hook completes or until2692the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'2693properties:2694exec:2695description: Exec specifies the action to take.2696properties:2697command:2698description: Command is the command line to execute2699inside the container, the working directory for2700the command is root ('/') in the container's2701filesystem. The command is simply exec'd, it is2702not run inside a shell, so traditional shell instructions2703('|', etc) won't work. To use a shell, you need2704to explicitly call out to that shell. Exit status2705of 0 is treated as live/healthy and non-zero is2706unhealthy.2707items:2708type: string2709type: array2710type: object2711httpGet:2712description: HTTPGet specifies the http request to perform.2713properties:2714host:2715description: Host name to connect to, defaults to2716the pod IP. You probably want to set "Host" in2717httpHeaders instead.2718type: string2719httpHeaders:2720description: Custom headers to set in the request.2721HTTP allows repeated headers.2722items:2723description: HTTPHeader describes a custom header2724to be used in HTTP probes2725properties:2726name:2727description: The header field name2728type: string2729value:2730description: The header field value2731type: string2732required:2733- name2734- value2735type: object2736type: array2737path:2738description: Path to access on the HTTP server.2739type: string2740port:2741anyOf:2742- type: integer2743- type: string2744description: Name or number of the port to access2745on the container. Number must be in the range27461 to 65535. Name must be an IANA_SVC_NAME.2747x-kubernetes-int-or-string: true2748scheme:2749description: Scheme to use for connecting to the2750host. Defaults to HTTP.2751type: string2752required:2753- port2754type: object2755tcpSocket:2756description: Deprecated. TCPSocket is NOT supported2757as a LifecycleHandler and kept for the backward compatibility.2758There are no validation of this field and lifecycle2759hooks will fail in runtime when tcp handler is specified.2760properties:2761host:2762description: 'Optional: Host name to connect to,2763defaults to the pod IP.'2764type: string2765port:2766anyOf:2767- type: integer2768- type: string2769description: Number or name of the port to access2770on the container. Number must be in the range27711 to 65535. Name must be an IANA_SVC_NAME.2772x-kubernetes-int-or-string: true2773required:2774- port2775type: object2776type: object2777type: object2778livenessProbe:2779description: 'Periodic probe of container liveness. Container2780will be restarted if the probe fails. Cannot be updated. More2781info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'2782properties:2783exec:2784description: Exec specifies the action to take.2785properties:2786command:2787description: Command is the command line to execute2788inside the container, the working directory for the2789command is root ('/') in the container's filesystem.2790The command is simply exec'd, it is not run inside2791a shell, so traditional shell instructions ('|', etc)2792won't work. To use a shell, you need to explicitly2793call out to that shell. Exit status of 0 is treated2794as live/healthy and non-zero is unhealthy.2795items:2796type: string2797type: array2798type: object2799failureThreshold:2800description: Minimum consecutive failures for the probe2801to be considered failed after having succeeded. Defaults2802to 3. Minimum value is 1.2803format: int322804type: integer2805grpc:2806description: GRPC specifies an action involving a GRPC port.2807This is a beta field and requires enabling GRPCContainerProbe2808feature gate.2809properties:2810port:2811description: Port number of the gRPC service. Number2812must be in the range 1 to 65535.2813format: int322814type: integer2815service:2816description: "Service is the name of the service to2817place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).2818\n If this is not specified, the default behavior2819is defined by gRPC."2820type: string2821required:2822- port2823type: object2824httpGet:2825description: HTTPGet specifies the http request to perform.2826properties:2827host:2828description: Host name to connect to, defaults to the2829pod IP. You probably want to set "Host" in httpHeaders2830instead.2831type: string2832httpHeaders:2833description: Custom headers to set in the request. HTTP2834allows repeated headers.2835items:2836description: HTTPHeader describes a custom header2837to be used in HTTP probes2838properties:2839name:2840description: The header field name2841type: string2842value:2843description: The header field value2844type: string2845required:2846- name2847- value2848type: object2849type: array2850path:2851description: Path to access on the HTTP server.2852type: string2853port:2854anyOf:2855- type: integer2856- type: string2857description: Name or number of the port to access on2858the container. Number must be in the range 1 to 65535.2859Name must be an IANA_SVC_NAME.2860x-kubernetes-int-or-string: true2861scheme:2862description: Scheme to use for connecting to the host.2863Defaults to HTTP.2864type: string2865required:2866- port2867type: object2868initialDelaySeconds:2869description: 'Number of seconds after the container has2870started before liveness probes are initiated. More info:2871https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'2872format: int322873type: integer2874periodSeconds:2875description: How often (in seconds) to perform the probe.2876Default to 10 seconds. Minimum value is 1.2877format: int322878type: integer2879successThreshold:2880description: Minimum consecutive successes for the probe2881to be considered successful after having failed. Defaults2882to 1. Must be 1 for liveness and startup. Minimum value2883is 1.2884format: int322885type: integer2886tcpSocket:2887description: TCPSocket specifies an action involving a TCP2888port.2889properties:2890host:2891description: 'Optional: Host name to connect to, defaults2892to the pod IP.'2893type: string2894port:2895anyOf:2896- type: integer2897- type: string2898description: Number or name of the port to access on2899the container. Number must be in the range 1 to 65535.2900Name must be an IANA_SVC_NAME.2901x-kubernetes-int-or-string: true2902required:2903- port2904type: object2905terminationGracePeriodSeconds:2906description: Optional duration in seconds the pod needs2907to terminate gracefully upon probe failure. The grace2908period is the duration in seconds after the processes2909running in the pod are sent a termination signal and the2910time when the processes are forcibly halted with a kill2911signal. Set this value longer than the expected cleanup2912time for your process. If this value is nil, the pod's2913terminationGracePeriodSeconds will be used. Otherwise,2914this value overrides the value provided by the pod spec.2915Value must be non-negative integer. The value zero indicates2916stop immediately via the kill signal (no opportunity to2917shut down). This is a beta field and requires enabling2918ProbeTerminationGracePeriod feature gate. Minimum value2919is 1. spec.terminationGracePeriodSeconds is used if unset.2920format: int642921type: integer2922timeoutSeconds:2923description: 'Number of seconds after which the probe times2924out. Defaults to 1 second. Minimum value is 1. More info:2925https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'2926format: int322927type: integer2928type: object2929name:2930description: Name of the container specified as a DNS_LABEL.2931Each container in a pod must have a unique name (DNS_LABEL).2932Cannot be updated.2933type: string2934ports:2935description: List of ports to expose from the container. Not2936specifying a port here DOES NOT prevent that port from being2937exposed. Any port which is listening on the default "0.0.0.0"2938address inside a container will be accessible from the network.2939Modifying this array with strategic merge patch may corrupt2940the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.2941Cannot be updated.2942items:2943description: ContainerPort represents a network port in a2944single container.2945properties:2946containerPort:2947description: Number of port to expose on the pod's IP2948address. This must be a valid port number, 0 < x < 65536.2949format: int322950type: integer2951hostIP:2952description: What host IP to bind the external port to.2953type: string2954hostPort:2955description: Number of port to expose on the host. If2956specified, this must be a valid port number, 0 < x <295765536. If HostNetwork is specified, this must match2958ContainerPort. Most containers do not need this.2959format: int322960type: integer2961name:2962description: If specified, this must be an IANA_SVC_NAME2963and unique within the pod. Each named port in a pod2964must have a unique name. Name for the port that can2965be referred to by services.2966type: string2967protocol:2968default: TCP2969description: Protocol for port. Must be UDP, TCP, or SCTP.2970Defaults to "TCP".2971type: string2972required:2973- containerPort2974type: object2975type: array2976x-kubernetes-list-map-keys:2977- containerPort2978- protocol2979x-kubernetes-list-type: map2980readinessProbe:2981description: 'Periodic probe of container service readiness.2982Container will be removed from service endpoints if the probe2983fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'2984properties:2985exec:2986description: Exec specifies the action to take.2987properties:2988command:2989description: Command is the command line to execute2990inside the container, the working directory for the2991command is root ('/') in the container's filesystem.2992The command is simply exec'd, it is not run inside2993a shell, so traditional shell instructions ('|', etc)2994won't work. To use a shell, you need to explicitly2995call out to that shell. Exit status of 0 is treated2996as live/healthy and non-zero is unhealthy.2997items:2998type: string2999type: array3000type: object3001failureThreshold:3002description: Minimum consecutive failures for the probe3003to be considered failed after having succeeded. Defaults3004to 3. Minimum value is 1.3005format: int323006type: integer3007grpc:3008description: GRPC specifies an action involving a GRPC port.3009This is a beta field and requires enabling GRPCContainerProbe3010feature gate.3011properties:3012port:3013description: Port number of the gRPC service. Number3014must be in the range 1 to 65535.3015format: int323016type: integer3017service:3018description: "Service is the name of the service to3019place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).3020\n If this is not specified, the default behavior3021is defined by gRPC."3022type: string3023required:3024- port3025type: object3026httpGet:3027description: HTTPGet specifies the http request to perform.3028properties:3029host:3030description: Host name to connect to, defaults to the3031pod IP. You probably want to set "Host" in httpHeaders3032instead.3033type: string3034httpHeaders:3035description: Custom headers to set in the request. HTTP3036allows repeated headers.3037items:3038description: HTTPHeader describes a custom header3039to be used in HTTP probes3040properties:3041name:3042description: The header field name3043type: string3044value:3045description: The header field value3046type: string3047required:3048- name3049- value3050type: object3051type: array3052path:3053description: Path to access on the HTTP server.3054type: string3055port:3056anyOf:3057- type: integer3058- type: string3059description: Name or number of the port to access on3060the container. Number must be in the range 1 to 65535.3061Name must be an IANA_SVC_NAME.3062x-kubernetes-int-or-string: true3063scheme:3064description: Scheme to use for connecting to the host.3065Defaults to HTTP.3066type: string3067required:3068- port3069type: object3070initialDelaySeconds:3071description: 'Number of seconds after the container has3072started before liveness probes are initiated. More info:3073https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'3074format: int323075type: integer3076periodSeconds:3077description: How often (in seconds) to perform the probe.3078Default to 10 seconds. Minimum value is 1.3079format: int323080type: integer3081successThreshold:3082description: Minimum consecutive successes for the probe3083to be considered successful after having failed. Defaults3084to 1. Must be 1 for liveness and startup. Minimum value3085is 1.3086format: int323087type: integer3088tcpSocket:3089description: TCPSocket specifies an action involving a TCP3090port.3091properties:3092host:3093description: 'Optional: Host name to connect to, defaults3094to the pod IP.'3095type: string3096port:3097anyOf:3098- type: integer3099- type: string3100description: Number or name of the port to access on3101the container. Number must be in the range 1 to 65535.3102Name must be an IANA_SVC_NAME.3103x-kubernetes-int-or-string: true3104required:3105- port3106type: object3107terminationGracePeriodSeconds:3108description: Optional duration in seconds the pod needs3109to terminate gracefully upon probe failure. The grace3110period is the duration in seconds after the processes3111running in the pod are sent a termination signal and the3112time when the processes are forcibly halted with a kill3113signal. Set this value longer than the expected cleanup3114time for your process. If this value is nil, the pod's3115terminationGracePeriodSeconds will be used. Otherwise,3116this value overrides the value provided by the pod spec.3117Value must be non-negative integer. The value zero indicates3118stop immediately via the kill signal (no opportunity to3119shut down). This is a beta field and requires enabling3120ProbeTerminationGracePeriod feature gate. Minimum value3121is 1. spec.terminationGracePeriodSeconds is used if unset.3122format: int643123type: integer3124timeoutSeconds:3125description: 'Number of seconds after which the probe times3126out. Defaults to 1 second. Minimum value is 1. More info:3127https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'3128format: int323129type: integer3130type: object3131resources:3132description: 'Compute Resources required by this container.3133Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'3134properties:3135limits:3136additionalProperties:3137anyOf:3138- type: integer3139- type: string3140pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$3141x-kubernetes-int-or-string: true3142description: 'Limits describes the maximum amount of compute3143resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'3144type: object3145requests:3146additionalProperties:3147anyOf:3148- type: integer3149- type: string3150pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$3151x-kubernetes-int-or-string: true3152description: 'Requests describes the minimum amount of compute3153resources required. If Requests is omitted for a container,3154it defaults to Limits if that is explicitly specified,3155otherwise to an implementation-defined value. More info:3156https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'3157type: object3158type: object3159securityContext:3160description: 'SecurityContext defines the security options the3161container should be run with. If set, the fields of SecurityContext3162override the equivalent fields of PodSecurityContext. More3163info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'3164properties:3165allowPrivilegeEscalation:3166description: 'AllowPrivilegeEscalation controls whether3167a process can gain more privileges than its parent process.3168This bool directly controls if the no_new_privs flag will3169be set on the container process. AllowPrivilegeEscalation3170is true always when the container is: 1) run as Privileged31712) has CAP_SYS_ADMIN Note that this field cannot be set3172when spec.os.name is windows.'3173type: boolean3174capabilities:3175description: The capabilities to add/drop when running containers.3176Defaults to the default set of capabilities granted by3177the container runtime. Note that this field cannot be3178set when spec.os.name is windows.3179properties:3180add:3181description: Added capabilities3182items:3183description: Capability represent POSIX capabilities3184type3185type: string3186type: array3187drop:3188description: Removed capabilities3189items:3190description: Capability represent POSIX capabilities3191type3192type: string3193type: array3194type: object3195privileged:3196description: Run container in privileged mode. Processes3197in privileged containers are essentially equivalent to3198root on the host. Defaults to false. Note that this field3199cannot be set when spec.os.name is windows.3200type: boolean3201procMount:3202description: procMount denotes the type of proc mount to3203use for the containers. The default is DefaultProcMount3204which uses the container runtime defaults for readonly3205paths and masked paths. This requires the ProcMountType3206feature flag to be enabled. Note that this field cannot3207be set when spec.os.name is windows.3208type: string3209readOnlyRootFilesystem:3210description: Whether this container has a read-only root3211filesystem. Default is false. Note that this field cannot3212be set when spec.os.name is windows.3213type: boolean3214runAsGroup:3215description: The GID to run the entrypoint of the container3216process. Uses runtime default if unset. May also be set3217in PodSecurityContext. If set in both SecurityContext3218and PodSecurityContext, the value specified in SecurityContext3219takes precedence. Note that this field cannot be set when3220spec.os.name is windows.3221format: int643222type: integer3223runAsNonRoot:3224description: Indicates that the container must run as a3225non-root user. If true, the Kubelet will validate the3226image at runtime to ensure that it does not run as UID32270 (root) and fail to start the container if it does. If3228unset or false, no such validation will be performed.3229May also be set in PodSecurityContext. If set in both3230SecurityContext and PodSecurityContext, the value specified3231in SecurityContext takes precedence.3232type: boolean3233runAsUser:3234description: The UID to run the entrypoint of the container3235process. Defaults to user specified in image metadata3236if unspecified. May also be set in PodSecurityContext. If3237set in both SecurityContext and PodSecurityContext, the3238value specified in SecurityContext takes precedence. Note3239that this field cannot be set when spec.os.name is windows.3240format: int643241type: integer3242seLinuxOptions:3243description: The SELinux context to be applied to the container.3244If unspecified, the container runtime will allocate a3245random SELinux context for each container. May also be3246set in PodSecurityContext. If set in both SecurityContext3247and PodSecurityContext, the value specified in SecurityContext3248takes precedence. Note that this field cannot be set when3249spec.os.name is windows.3250properties:3251level:3252description: Level is SELinux level label that applies3253to the container.3254type: string3255role:3256description: Role is a SELinux role label that applies3257to the container.3258type: string3259type:3260description: Type is a SELinux type label that applies3261to the container.3262type: string3263user:3264description: User is a SELinux user label that applies3265to the container.3266type: string3267type: object3268seccompProfile:3269description: The seccomp options to use by this container.3270If seccomp options are provided at both the pod & container3271level, the container options override the pod options.3272Note that this field cannot be set when spec.os.name is3273windows.3274properties:3275localhostProfile:3276description: localhostProfile indicates a profile defined3277in a file on the node should be used. The profile3278must be preconfigured on the node to work. Must be3279a descending path, relative to the kubelet's configured3280seccomp profile location. Must only be set if type3281is "Localhost".3282type: string3283type:3284description: "type indicates which kind of seccomp profile3285will be applied. Valid options are: \n Localhost -3286a profile defined in a file on the node should be3287used. RuntimeDefault - the container runtime default3288profile should be used. Unconfined - no profile should3289be applied."3290type: string3291required:3292- type3293type: object3294windowsOptions:3295description: The Windows specific settings applied to all3296containers. If unspecified, the options from the PodSecurityContext3297will be used. If set in both SecurityContext and PodSecurityContext,3298the value specified in SecurityContext takes precedence.3299Note that this field cannot be set when spec.os.name is3300linux.3301properties:3302gmsaCredentialSpec:3303description: GMSACredentialSpec is where the GMSA admission3304webhook (https://github.com/kubernetes-sigs/windows-gmsa)3305inlines the contents of the GMSA credential spec named3306by the GMSACredentialSpecName field.3307type: string3308gmsaCredentialSpecName:3309description: GMSACredentialSpecName is the name of the3310GMSA credential spec to use.3311type: string3312hostProcess:3313description: HostProcess determines if a container should3314be run as a 'Host Process' container. This field is3315alpha-level and will only be honored by components3316that enable the WindowsHostProcessContainers feature3317flag. Setting this field without the feature flag3318will result in errors when validating the Pod. All3319of a Pod's containers must have the same effective3320HostProcess value (it is not allowed to have a mix3321of HostProcess containers and non-HostProcess containers). In3322addition, if HostProcess is true then HostNetwork3323must also be set to true.3324type: boolean3325runAsUserName:3326description: The UserName in Windows to run the entrypoint3327of the container process. Defaults to the user specified3328in image metadata if unspecified. May also be set3329in PodSecurityContext. If set in both SecurityContext3330and PodSecurityContext, the value specified in SecurityContext3331takes precedence.3332type: string3333type: object3334type: object3335startupProbe:3336description: 'StartupProbe indicates that the Pod has successfully3337initialized. If specified, no other probes are executed until3338this completes successfully. If this probe fails, the Pod3339will be restarted, just as if the livenessProbe failed. This3340can be used to provide different probe parameters at the beginning3341of a Pod''s lifecycle, when it might take a long time to load3342data or warm a cache, than during steady-state operation.3343This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'3344properties:3345exec:3346description: Exec specifies the action to take.3347properties:3348command:3349description: Command is the command line to execute3350inside the container, the working directory for the3351command is root ('/') in the container's filesystem.3352The command is simply exec'd, it is not run inside3353a shell, so traditional shell instructions ('|', etc)3354won't work. To use a shell, you need to explicitly3355call out to that shell. Exit status of 0 is treated3356as live/healthy and non-zero is unhealthy.3357items:3358type: string3359type: array3360type: object3361failureThreshold:3362description: Minimum consecutive failures for the probe3363to be considered failed after having succeeded. Defaults3364to 3. Minimum value is 1.3365format: int323366type: integer3367grpc:3368description: GRPC specifies an action involving a GRPC port.3369This is a beta field and requires enabling GRPCContainerProbe3370feature gate.3371properties:3372port:3373description: Port number of the gRPC service. Number3374must be in the range 1 to 65535.3375format: int323376type: integer3377service:3378description: "Service is the name of the service to3379place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).3380\n If this is not specified, the default behavior3381is defined by gRPC."3382type: string3383required:3384- port3385type: object3386httpGet:3387description: HTTPGet specifies the http request to perform.3388properties:3389host:3390description: Host name to connect to, defaults to the3391pod IP. You probably want to set "Host" in httpHeaders3392instead.3393type: string3394httpHeaders:3395description: Custom headers to set in the request. HTTP3396allows repeated headers.3397items:3398description: HTTPHeader describes a custom header3399to be used in HTTP probes3400properties:3401name:3402description: The header field name3403type: string3404value:3405description: The header field value3406type: string3407required:3408- name3409- value3410type: object3411type: array3412path:3413description: Path to access on the HTTP server.3414type: string3415port:3416anyOf:3417- type: integer3418- type: string3419description: Name or number of the port to access on3420the container. Number must be in the range 1 to 65535.3421Name must be an IANA_SVC_NAME.3422x-kubernetes-int-or-string: true3423scheme:3424description: Scheme to use for connecting to the host.3425Defaults to HTTP.3426type: string3427required:3428- port3429type: object3430initialDelaySeconds:3431description: 'Number of seconds after the container has3432started before liveness probes are initiated. More info:3433https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'3434format: int323435type: integer3436periodSeconds:3437description: How often (in seconds) to perform the probe.3438Default to 10 seconds. Minimum value is 1.3439format: int323440type: integer3441successThreshold:3442description: Minimum consecutive successes for the probe3443to be considered successful after having failed. Defaults3444to 1. Must be 1 for liveness and startup. Minimum value3445is 1.3446format: int323447type: integer3448tcpSocket:3449description: TCPSocket specifies an action involving a TCP3450port.3451properties:3452host:3453description: 'Optional: Host name to connect to, defaults3454to the pod IP.'3455type: string3456port:3457anyOf:3458- type: integer3459- type: string3460description: Number or name of the port to access on3461the container. Number must be in the range 1 to 65535.3462Name must be an IANA_SVC_NAME.3463x-kubernetes-int-or-string: true3464required:3465- port3466type: object3467terminationGracePeriodSeconds:3468description: Optional duration in seconds the pod needs3469to terminate gracefully upon probe failure. The grace3470period is the duration in seconds after the processes3471running in the pod are sent a termination signal and the3472time when the processes are forcibly halted with a kill3473signal. Set this value longer than the expected cleanup3474time for your process. If this value is nil, the pod's3475terminationGracePeriodSeconds will be used. Otherwise,3476this value overrides the value provided by the pod spec.3477Value must be non-negative integer. The value zero indicates3478stop immediately via the kill signal (no opportunity to3479shut down). This is a beta field and requires enabling3480ProbeTerminationGracePeriod feature gate. Minimum value3481is 1. spec.terminationGracePeriodSeconds is used if unset.3482format: int643483type: integer3484timeoutSeconds:3485description: 'Number of seconds after which the probe times3486out. Defaults to 1 second. Minimum value is 1. More info:3487https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'3488format: int323489type: integer3490type: object3491stdin:3492description: Whether this container should allocate a buffer3493for stdin in the container runtime. If this is not set, reads3494from stdin in the container will always result in EOF. Default3495is false.3496type: boolean3497stdinOnce:3498description: Whether the container runtime should close the3499stdin channel after it has been opened by a single attach.3500When stdin is true the stdin stream will remain open across3501multiple attach sessions. If stdinOnce is set to true, stdin3502is opened on container start, is empty until the first client3503attaches to stdin, and then remains open and accepts data3504until the client disconnects, at which time stdin is closed3505and remains closed until the container is restarted. If this3506flag is false, a container processes that reads from stdin3507will never receive an EOF. Default is false3508type: boolean3509terminationMessagePath:3510description: 'Optional: Path at which the file to which the3511container''s termination message will be written is mounted3512into the container''s filesystem. Message written is intended3513to be brief final status, such as an assertion failure message.3514Will be truncated by the node if greater than 4096 bytes.3515The total message length across all containers will be limited3516to 12kb. Defaults to /dev/termination-log. Cannot be updated.'3517type: string3518terminationMessagePolicy:3519description: Indicate how the termination message should be3520populated. File will use the contents of terminationMessagePath3521to populate the container status message on both success and3522failure. FallbackToLogsOnError will use the last chunk of3523container log output if the termination message file is empty3524and the container exited with an error. The log output is3525limited to 2048 bytes or 80 lines, whichever is smaller. Defaults3526to File. Cannot be updated.3527type: string3528tty:3529description: Whether this container should allocate a TTY for3530itself, also requires 'stdin' to be true. Default is false.3531type: boolean3532volumeDevices:3533description: volumeDevices is the list of block devices to be3534used by the container.3535items:3536description: volumeDevice describes a mapping of a raw block3537device within a container.3538properties:3539devicePath:3540description: devicePath is the path inside of the container3541that the device will be mapped to.3542type: string3543name:3544description: name must match the name of a persistentVolumeClaim3545in the pod3546type: string3547required:3548- devicePath3549- name3550type: object3551type: array3552volumeMounts:3553description: Pod volumes to mount into the container's filesystem.3554Cannot be updated.3555items:3556description: VolumeMount describes a mounting of a Volume3557within a container.3558properties:3559mountPath:3560description: Path within the container at which the volume3561should be mounted. Must not contain ':'.3562type: string3563mountPropagation:3564description: mountPropagation determines how mounts are3565propagated from the host to container and the other3566way around. When not set, MountPropagationNone is used.3567This field is beta in 1.10.3568type: string3569name:3570description: This must match the Name of a Volume.3571type: string3572readOnly:3573description: Mounted read-only if true, read-write otherwise3574(false or unspecified). Defaults to false.3575type: boolean3576subPath:3577description: Path within the volume from which the container's3578volume should be mounted. Defaults to "" (volume's root).3579type: string3580subPathExpr:3581description: Expanded path within the volume from which3582the container's volume should be mounted. Behaves similarly3583to SubPath but environment variable references $(VAR_NAME)3584are expanded using the container's environment. Defaults3585to "" (volume's root). SubPathExpr and SubPath are mutually3586exclusive.3587type: string3588required:3589- mountPath3590- name3591type: object3592type: array3593workingDir:3594description: Container's working directory. If not specified,3595the container runtime's default will be used, which might3596be configured in the container image. Cannot be updated.3597type: string3598required:3599- name3600type: object3601type: array3602integrations:3603description: Integrations controls the integration subsystem of the3604Agent and settings unique to deployed integration-specific pods.3605properties:3606namespaceSelector:3607description: "Label selector for namespaces to search when discovering3608integration resources. If nil, integration resources are only3609discovered in the namespace of the GrafanaAgent resource. \n3610Set to `{}` to search all namespaces."3611properties:3612matchExpressions:3613description: matchExpressions is a list of label selector3614requirements. The requirements are ANDed.3615items:3616description: A label selector requirement is a selector3617that contains values, a key, and an operator that relates3618the key and values.3619properties:3620key:3621description: key is the label key that the selector3622applies to.3623type: string3624operator:3625description: operator represents a key's relationship3626to a set of values. Valid operators are In, NotIn,3627Exists and DoesNotExist.3628type: string3629values:3630description: values is an array of string values. If3631the operator is In or NotIn, the values array must3632be non-empty. If the operator is Exists or DoesNotExist,3633the values array must be empty. This array is replaced3634during a strategic merge patch.3635items:3636type: string3637type: array3638required:3639- key3640- operator3641type: object3642type: array3643matchLabels:3644additionalProperties:3645type: string3646description: matchLabels is a map of {key,value} pairs. A3647single {key,value} in the matchLabels map is equivalent3648to an element of matchExpressions, whose key field is "key",3649the operator is "In", and the values array contains only3650"value". The requirements are ANDed.3651type: object3652type: object3653x-kubernetes-map-type: atomic3654selector:3655description: Label selector to find Integration resources to run.3656When nil, no integration resources will be defined.3657properties:3658matchExpressions:3659description: matchExpressions is a list of label selector3660requirements. The requirements are ANDed.3661items:3662description: A label selector requirement is a selector3663that contains values, a key, and an operator that relates3664the key and values.3665properties:3666key:3667description: key is the label key that the selector3668applies to.3669type: string3670operator:3671description: operator represents a key's relationship3672to a set of values. Valid operators are In, NotIn,3673Exists and DoesNotExist.3674type: string3675values:3676description: values is an array of string values. If3677the operator is In or NotIn, the values array must3678be non-empty. If the operator is Exists or DoesNotExist,3679the values array must be empty. This array is replaced3680during a strategic merge patch.3681items:3682type: string3683type: array3684required:3685- key3686- operator3687type: object3688type: array3689matchLabels:3690additionalProperties:3691type: string3692description: matchLabels is a map of {key,value} pairs. A3693single {key,value} in the matchLabels map is equivalent3694to an element of matchExpressions, whose key field is "key",3695the operator is "In", and the values array contains only3696"value". The requirements are ANDed.3697type: object3698type: object3699x-kubernetes-map-type: atomic3700type: object3701logFormat:3702description: LogFormat controls the logging format of the generated3703pods. Defaults to "logfmt" if not set.3704type: string3705logLevel:3706description: LogLevel controls the log level of the generated pods.3707Defaults to "info" if not set.3708type: string3709logs:3710description: Logs controls the logging subsystem of the Agent and3711settings unique to logging-specific pods that are deployed.3712properties:3713clients:3714description: A global set of clients to use when a discovered3715LogsInstance does not have any clients defined.3716items:3717description: LogsClientSpec defines the client integration for3718logs, indicating which Loki server to send logs to.3719properties:3720backoffConfig:3721description: Configures how to retry requests to Loki when3722a request fails. Defaults to a minPeriod of 500ms, maxPeriod3723of 5m, and maxRetries of 10.3724properties:3725maxPeriod:3726description: Maximum backoff time between retries.3727type: string3728maxRetries:3729description: Maximum number of retries to perform before3730giving up a request.3731type: integer3732minPeriod:3733description: Initial backoff time between retries. Time3734between retries is increased exponentially.3735type: string3736type: object3737basicAuth:3738description: BasicAuth for the Loki server.3739properties:3740password:3741description: The secret in the service monitor namespace3742that contains the password for authentication.3743properties:3744key:3745description: The key of the secret to select from. Must3746be a valid secret key.3747type: string3748name:3749description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names3750TODO: Add other useful fields. apiVersion, kind,3751uid?'3752type: string3753optional:3754description: Specify whether the Secret or its key3755must be defined3756type: boolean3757required:3758- key3759type: object3760x-kubernetes-map-type: atomic3761username:3762description: The secret in the service monitor namespace3763that contains the username for authentication.3764properties:3765key:3766description: The key of the secret to select from. Must3767be a valid secret key.3768type: string3769name:3770description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names3771TODO: Add other useful fields. apiVersion, kind,3772uid?'3773type: string3774optional:3775description: Specify whether the Secret or its key3776must be defined3777type: boolean3778required:3779- key3780type: object3781x-kubernetes-map-type: atomic3782type: object3783batchSize:3784description: Maximum batch size (in bytes) of logs to accumulate3785before sending the batch to Loki.3786type: integer3787batchWait:3788description: Maximum amount of time to wait before sending3789a batch, even if that batch isn't full.3790type: string3791bearerToken:3792description: BearerToken used for remote_write.3793type: string3794bearerTokenFile:3795description: BearerTokenFile used to read bearer token.3796type: string3797externalLabels:3798additionalProperties:3799type: string3800description: ExternalLabels are labels to add to any time3801series when sending data to Loki.3802type: object3803proxyUrl:3804description: ProxyURL to proxy requests through. Optional.3805type: string3806tenantId:3807description: Tenant ID used by default to push logs to Loki.3808If omitted assumes remote Loki is running in single-tenant3809mode or an authentication layer is used to inject an X-Scope-OrgID3810header.3811type: string3812timeout:3813description: Maximum time to wait for a server to respond3814to a request.3815type: string3816tlsConfig:3817description: TLSConfig to use for the client. Only used3818when the protocol of the URL is https.3819properties:3820ca:3821description: Certificate authority used when verifying3822server certificates.3823properties:3824configMap:3825description: ConfigMap containing data to use for3826the targets.3827properties:3828key:3829description: The key to select.3830type: string3831name:3832description: 'Name of the referent. More info:3833https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names3834TODO: Add other useful fields. apiVersion,3835kind, uid?'3836type: string3837optional:3838description: Specify whether the ConfigMap or3839its key must be defined3840type: boolean3841required:3842- key3843type: object3844x-kubernetes-map-type: atomic3845secret:3846description: Secret containing data to use for the3847targets.3848properties:3849key:3850description: The key of the secret to select3851from. Must be a valid secret key.3852type: string3853name:3854description: 'Name of the referent. More info:3855https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names3856TODO: Add other useful fields. apiVersion,3857kind, uid?'3858type: string3859optional:3860description: Specify whether the Secret or its3861key must be defined3862type: boolean3863required:3864- key3865type: object3866x-kubernetes-map-type: atomic3867type: object3868caFile:3869description: Path to the CA cert in the Prometheus container3870to use for the targets.3871type: string3872cert:3873description: Client certificate to present when doing3874client-authentication.3875properties:3876configMap:3877description: ConfigMap containing data to use for3878the targets.3879properties:3880key:3881description: The key to select.3882type: string3883name:3884description: 'Name of the referent. More info:3885https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names3886TODO: Add other useful fields. apiVersion,3887kind, uid?'3888type: string3889optional:3890description: Specify whether the ConfigMap or3891its key must be defined3892type: boolean3893required:3894- key3895type: object3896x-kubernetes-map-type: atomic3897secret:3898description: Secret containing data to use for the3899targets.3900properties:3901key:3902description: The key of the secret to select3903from. Must be a valid secret key.3904type: string3905name:3906description: 'Name of the referent. More info:3907https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names3908TODO: Add other useful fields. apiVersion,3909kind, uid?'3910type: string3911optional:3912description: Specify whether the Secret or its3913key must be defined3914type: boolean3915required:3916- key3917type: object3918x-kubernetes-map-type: atomic3919type: object3920certFile:3921description: Path to the client cert file in the Prometheus3922container for the targets.3923type: string3924insecureSkipVerify:3925description: Disable target certificate validation.3926type: boolean3927keyFile:3928description: Path to the client key file in the Prometheus3929container for the targets.3930type: string3931keySecret:3932description: Secret containing the client key file for3933the targets.3934properties:3935key:3936description: The key of the secret to select from. Must3937be a valid secret key.3938type: string3939name:3940description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names3941TODO: Add other useful fields. apiVersion, kind,3942uid?'3943type: string3944optional:3945description: Specify whether the Secret or its key3946must be defined3947type: boolean3948required:3949- key3950type: object3951x-kubernetes-map-type: atomic3952serverName:3953description: Used to verify the hostname for the targets.3954type: string3955type: object3956url:3957description: 'URL is the URL where Loki is listening. Must3958be a full HTTP URL, including protocol. Required. Example:3959https://logs-prod-us-central1.grafana.net/loki/api/v1/push.'3960type: string3961required:3962- url3963type: object3964type: array3965enforcedNamespaceLabel:3966description: EnforcedNamespaceLabel enforces adding a namespace3967label of origin for each metric that is user-created. The label3968value will always be the namespace of the object that is being3969created.3970type: string3971ignoreNamespaceSelectors:3972description: IgnoreNamespaceSelectors, if true, will ignore NamespaceSelector3973settings from the PodLogs configs, and they will only discover3974endpoints within their current namespace.3975type: boolean3976instanceNamespaceSelector:3977description: InstanceNamespaceSelector are the set of labels to3978determine which namespaces to watch for LogInstances. If not3979provided, only checks own namespace.3980properties:3981matchExpressions:3982description: matchExpressions is a list of label selector3983requirements. The requirements are ANDed.3984items:3985description: A label selector requirement is a selector3986that contains values, a key, and an operator that relates3987the key and values.3988properties:3989key:3990description: key is the label key that the selector3991applies to.3992type: string3993operator:3994description: operator represents a key's relationship3995to a set of values. Valid operators are In, NotIn,3996Exists and DoesNotExist.3997type: string3998values:3999description: values is an array of string values. If4000the operator is In or NotIn, the values array must4001be non-empty. If the operator is Exists or DoesNotExist,4002the values array must be empty. This array is replaced4003during a strategic merge patch.4004items:4005type: string4006type: array4007required:4008- key4009- operator4010type: object4011type: array4012matchLabels:4013additionalProperties:4014type: string4015description: matchLabels is a map of {key,value} pairs. A4016single {key,value} in the matchLabels map is equivalent4017to an element of matchExpressions, whose key field is "key",4018the operator is "In", and the values array contains only4019"value". The requirements are ANDed.4020type: object4021type: object4022x-kubernetes-map-type: atomic4023instanceSelector:4024description: InstanceSelector determines which LogInstances should4025be selected for running. Each instance runs its own set of Prometheus4026components, including service discovery, scraping, and remote_write.4027properties:4028matchExpressions:4029description: matchExpressions is a list of label selector4030requirements. The requirements are ANDed.4031items:4032description: A label selector requirement is a selector4033that contains values, a key, and an operator that relates4034the key and values.4035properties:4036key:4037description: key is the label key that the selector4038applies to.4039type: string4040operator:4041description: operator represents a key's relationship4042to a set of values. Valid operators are In, NotIn,4043Exists and DoesNotExist.4044type: string4045values:4046description: values is an array of string values. If4047the operator is In or NotIn, the values array must4048be non-empty. If the operator is Exists or DoesNotExist,4049the values array must be empty. This array is replaced4050during a strategic merge patch.4051items:4052type: string4053type: array4054required:4055- key4056- operator4057type: object4058type: array4059matchLabels:4060additionalProperties:4061type: string4062description: matchLabels is a map of {key,value} pairs. A4063single {key,value} in the matchLabels map is equivalent4064to an element of matchExpressions, whose key field is "key",4065the operator is "In", and the values array contains only4066"value". The requirements are ANDed.4067type: object4068type: object4069x-kubernetes-map-type: atomic4070logsExternalLabelName:4071description: LogsExternalLabelName is the name of the external4072label used to denote Grafana Agent cluster. Defaults to "cluster."4073External label will _not_ be added when value is set to the4074empty string.4075type: string4076type: object4077metrics:4078description: Metrics controls the metrics subsystem of the Agent and4079settings unique to metrics-specific pods that are deployed.4080properties:4081arbitraryFSAccessThroughSMs:4082description: ArbitraryFSAccessThroughSMs configures whether configuration4083based on a ServiceMonitor can access arbitrary files on the4084file system of the Grafana Agent container, e.g., bearer token4085files.4086properties:4087deny:4088type: boolean4089type: object4090enforcedNamespaceLabel:4091description: EnforcedNamespaceLabel enforces adding a namespace4092label of origin for each metric that is user-created. The label4093value is always the namespace of the object that is being created.4094type: string4095enforcedSampleLimit:4096description: EnforcedSampleLimit defines a global limit on the4097number of scraped samples that are accepted. This overrides4098any SampleLimit set per ServiceMonitor and/or PodMonitor. It4099is meant to be used by admins to enforce the SampleLimit to4100keep the overall number of samples and series under the desired4101limit. Note that if a SampleLimit from a ServiceMonitor or PodMonitor4102is lower, that value is used instead.4103format: int644104type: integer4105enforcedTargetLimit:4106description: EnforcedTargetLimit defines a global limit on the4107number of scraped targets. This overrides any TargetLimit set4108per ServiceMonitor and/or PodMonitor. It is meant to be used4109by admins to enforce the TargetLimit to keep the overall number4110of targets under the desired limit. Note that if a TargetLimit4111from a ServiceMonitor or PodMonitor is higher, that value is4112used instead.4113format: int644114type: integer4115externalLabels:4116additionalProperties:4117type: string4118description: ExternalLabels are labels to add to any time series4119when sending data over remote_write.4120type: object4121ignoreNamespaceSelectors:4122description: IgnoreNamespaceSelectors, if true, ignores NamespaceSelector4123settings from the PodMonitor and ServiceMonitor configs, so4124that they only discover endpoints within their current namespace.4125type: boolean4126instanceNamespaceSelector:4127description: InstanceNamespaceSelector is the set of labels that4128determines which namespaces to watch for MetricsInstances. If4129not provided, it only checks its own namespace.4130properties:4131matchExpressions:4132description: matchExpressions is a list of label selector4133requirements. The requirements are ANDed.4134items:4135description: A label selector requirement is a selector4136that contains values, a key, and an operator that relates4137the key and values.4138properties:4139key:4140description: key is the label key that the selector4141applies to.4142type: string4143operator:4144description: operator represents a key's relationship4145to a set of values. Valid operators are In, NotIn,4146Exists and DoesNotExist.4147type: string4148values:4149description: values is an array of string values. If4150the operator is In or NotIn, the values array must4151be non-empty. If the operator is Exists or DoesNotExist,4152the values array must be empty. This array is replaced4153during a strategic merge patch.4154items:4155type: string4156type: array4157required:4158- key4159- operator4160type: object4161type: array4162matchLabels:4163additionalProperties:4164type: string4165description: matchLabels is a map of {key,value} pairs. A4166single {key,value} in the matchLabels map is equivalent4167to an element of matchExpressions, whose key field is "key",4168the operator is "In", and the values array contains only4169"value". The requirements are ANDed.4170type: object4171type: object4172x-kubernetes-map-type: atomic4173instanceSelector:4174description: InstanceSelector determines which MetricsInstances4175should be selected for running. Each instance runs its own set4176of Metrics components, including service discovery, scraping,4177and remote_write.4178properties:4179matchExpressions:4180description: matchExpressions is a list of label selector4181requirements. The requirements are ANDed.4182items:4183description: A label selector requirement is a selector4184that contains values, a key, and an operator that relates4185the key and values.4186properties:4187key:4188description: key is the label key that the selector4189applies to.4190type: string4191operator:4192description: operator represents a key's relationship4193to a set of values. Valid operators are In, NotIn,4194Exists and DoesNotExist.4195type: string4196values:4197description: values is an array of string values. If4198the operator is In or NotIn, the values array must4199be non-empty. If the operator is Exists or DoesNotExist,4200the values array must be empty. This array is replaced4201during a strategic merge patch.4202items:4203type: string4204type: array4205required:4206- key4207- operator4208type: object4209type: array4210matchLabels:4211additionalProperties:4212type: string4213description: matchLabels is a map of {key,value} pairs. A4214single {key,value} in the matchLabels map is equivalent4215to an element of matchExpressions, whose key field is "key",4216the operator is "In", and the values array contains only4217"value". The requirements are ANDed.4218type: object4219type: object4220x-kubernetes-map-type: atomic4221metricsExternalLabelName:4222description: MetricsExternalLabelName is the name of the external4223label used to denote Grafana Agent cluster. Defaults to "cluster."4224The external label is _not_ added when the value is set to the4225empty string.4226type: string4227overrideHonorLabels:4228description: OverrideHonorLabels, if true, overrides all configured4229honor_labels read from ServiceMonitor or PodMonitor and sets4230them to false.4231type: boolean4232overrideHonorTimestamps:4233description: OverrideHonorTimestamps allows global enforcement4234for honoring timestamps in all scrape configs.4235type: boolean4236remoteWrite:4237description: RemoteWrite controls default remote_write settings4238for all instances. If an instance does not provide its own RemoteWrite4239settings, these will be used instead.4240items:4241description: RemoteWriteSpec defines the remote_write configuration4242for Prometheus.4243properties:4244basicAuth:4245description: BasicAuth for the URL.4246properties:4247password:4248description: The secret in the service monitor namespace4249that contains the password for authentication.4250properties:4251key:4252description: The key of the secret to select from. Must4253be a valid secret key.4254type: string4255name:4256description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names4257TODO: Add other useful fields. apiVersion, kind,4258uid?'4259type: string4260optional:4261description: Specify whether the Secret or its key4262must be defined4263type: boolean4264required:4265- key4266type: object4267x-kubernetes-map-type: atomic4268username:4269description: The secret in the service monitor namespace4270that contains the username for authentication.4271properties:4272key:4273description: The key of the secret to select from. Must4274be a valid secret key.4275type: string4276name:4277description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names4278TODO: Add other useful fields. apiVersion, kind,4279uid?'4280type: string4281optional:4282description: Specify whether the Secret or its key4283must be defined4284type: boolean4285required:4286- key4287type: object4288x-kubernetes-map-type: atomic4289type: object4290bearerToken:4291description: BearerToken used for remote_write.4292type: string4293bearerTokenFile:4294description: BearerTokenFile used to read bearer token.4295type: string4296headers:4297additionalProperties:4298type: string4299description: Headers is a set of custom HTTP headers to4300be sent along with each remote_write request. Be aware4301that any headers set by Grafana Agent itself can't be4302overwritten.4303type: object4304metadataConfig:4305description: MetadataConfig configures the sending of series4306metadata to remote storage.4307properties:4308send:4309description: Send enables metric metadata to be sent4310to remote storage.4311type: boolean4312sendInterval:4313description: SendInterval controls how frequently metric4314metadata is sent to remote storage.4315type: string4316type: object4317name:4318description: Name of the remote_write queue. Must be unique4319if specified. The name is used in metrics and logging4320in order to differentiate queues.4321type: string4322oauth2:4323description: Oauth2 for URL4324properties:4325clientId:4326description: The secret or configmap containing the4327OAuth2 client id4328properties:4329configMap:4330description: ConfigMap containing data to use for4331the targets.4332properties:4333key:4334description: The key to select.4335type: string4336name:4337description: 'Name of the referent. More info:4338https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names4339TODO: Add other useful fields. apiVersion,4340kind, uid?'4341type: string4342optional:4343description: Specify whether the ConfigMap or4344its key must be defined4345type: boolean4346required:4347- key4348type: object4349x-kubernetes-map-type: atomic4350secret:4351description: Secret containing data to use for the4352targets.4353properties:4354key:4355description: The key of the secret to select4356from. Must be a valid secret key.4357type: string4358name:4359description: 'Name of the referent. More info:4360https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names4361TODO: Add other useful fields. apiVersion,4362kind, uid?'4363type: string4364optional:4365description: Specify whether the Secret or its4366key must be defined4367type: boolean4368required:4369- key4370type: object4371x-kubernetes-map-type: atomic4372type: object4373clientSecret:4374description: The secret containing the OAuth2 client4375secret4376properties:4377key:4378description: The key of the secret to select from. Must4379be a valid secret key.4380type: string4381name:4382description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names4383TODO: Add other useful fields. apiVersion, kind,4384uid?'4385type: string4386optional:4387description: Specify whether the Secret or its key4388must be defined4389type: boolean4390required:4391- key4392type: object4393x-kubernetes-map-type: atomic4394endpointParams:4395additionalProperties:4396type: string4397description: Parameters to append to the token URL4398type: object4399scopes:4400description: OAuth2 scopes used for the token request4401items:4402type: string4403type: array4404tokenUrl:4405description: The URL to fetch the token from4406minLength: 14407type: string4408required:4409- clientId4410- clientSecret4411- tokenUrl4412type: object4413proxyUrl:4414description: ProxyURL to proxy requests through. Optional.4415type: string4416queueConfig:4417description: QueueConfig allows tuning of the remote_write4418queue parameters.4419properties:4420batchSendDeadline:4421description: BatchSendDeadline is the maximum time a4422sample will wait in the buffer.4423type: string4424capacity:4425description: Capacity is the number of samples to buffer4426per shard before samples start being dropped.4427type: integer4428maxBackoff:4429description: MaxBackoff is the maximum retry delay.4430type: string4431maxRetries:4432description: MaxRetries is the maximum number of times4433to retry a batch on recoverable errors.4434type: integer4435maxSamplesPerSend:4436description: MaxSamplesPerSend is the maximum number4437of samples per send.4438type: integer4439maxShards:4440description: MaxShards is the maximum number of shards,4441i.e., the amount of concurrency.4442type: integer4443minBackoff:4444description: MinBackoff is the initial retry delay.4445MinBackoff is doubled for every retry.4446type: string4447minShards:4448description: MinShards is the minimum number of shards,4449i.e., the amount of concurrency.4450type: integer4451retryOnRateLimit:4452description: RetryOnRateLimit retries requests when4453encountering rate limits.4454type: boolean4455type: object4456remoteTimeout:4457description: RemoteTimeout is the timeout for requests to4458the remote_write endpoint.4459type: string4460sigv4:4461description: SigV4 configures SigV4-based authentication4462to the remote_write endpoint. SigV4-based authentication4463is used if SigV4 is defined, even with an empty object.4464properties:4465accessKey:4466description: AccessKey holds the secret of the AWS API4467access key to use for signing. If not provided, the4468environment variable AWS_ACCESS_KEY_ID is used.4469properties:4470key:4471description: The key of the secret to select from. Must4472be a valid secret key.4473type: string4474name:4475description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names4476TODO: Add other useful fields. apiVersion, kind,4477uid?'4478type: string4479optional:4480description: Specify whether the Secret or its key4481must be defined4482type: boolean4483required:4484- key4485type: object4486x-kubernetes-map-type: atomic4487profile:4488description: Profile is the named AWS profile to use4489for authentication.4490type: string4491region:4492description: Region of the AWS endpoint. If blank, the4493region from the default credentials chain is used.4494type: string4495roleARN:4496description: RoleARN is the AWS Role ARN to use for4497authentication, as an alternative for using the AWS4498API keys.4499type: string4500secretKey:4501description: SecretKey of the AWS API to use for signing.4502If blank, the environment variable AWS_SECRET_ACCESS_KEY4503is used.4504properties:4505key:4506description: The key of the secret to select from. Must4507be a valid secret key.4508type: string4509name:4510description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names4511TODO: Add other useful fields. apiVersion, kind,4512uid?'4513type: string4514optional:4515description: Specify whether the Secret or its key4516must be defined4517type: boolean4518required:4519- key4520type: object4521x-kubernetes-map-type: atomic4522type: object4523tlsConfig:4524description: TLSConfig to use for remote_write.4525properties:4526ca:4527description: Certificate authority used when verifying4528server certificates.4529properties:4530configMap:4531description: ConfigMap containing data to use for4532the targets.4533properties:4534key:4535description: The key to select.4536type: string4537name:4538description: 'Name of the referent. More info:4539https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names4540TODO: Add other useful fields. apiVersion,4541kind, uid?'4542type: string4543optional:4544description: Specify whether the ConfigMap or4545its key must be defined4546type: boolean4547required:4548- key4549type: object4550x-kubernetes-map-type: atomic4551secret:4552description: Secret containing data to use for the4553targets.4554properties:4555key:4556description: The key of the secret to select4557from. Must be a valid secret key.4558type: string4559name:4560description: 'Name of the referent. More info:4561https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names4562TODO: Add other useful fields. apiVersion,4563kind, uid?'4564type: string4565optional:4566description: Specify whether the Secret or its4567key must be defined4568type: boolean4569required:4570- key4571type: object4572x-kubernetes-map-type: atomic4573type: object4574caFile:4575description: Path to the CA cert in the Prometheus container4576to use for the targets.4577type: string4578cert:4579description: Client certificate to present when doing4580client-authentication.4581properties:4582configMap:4583description: ConfigMap containing data to use for4584the targets.4585properties:4586key:4587description: The key to select.4588type: string4589name:4590description: 'Name of the referent. More info:4591https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names4592TODO: Add other useful fields. apiVersion,4593kind, uid?'4594type: string4595optional:4596description: Specify whether the ConfigMap or4597its key must be defined4598type: boolean4599required:4600- key4601type: object4602x-kubernetes-map-type: atomic4603secret:4604description: Secret containing data to use for the4605targets.4606properties:4607key:4608description: The key of the secret to select4609from. Must be a valid secret key.4610type: string4611name:4612description: 'Name of the referent. More info:4613https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names4614TODO: Add other useful fields. apiVersion,4615kind, uid?'4616type: string4617optional:4618description: Specify whether the Secret or its4619key must be defined4620type: boolean4621required:4622- key4623type: object4624x-kubernetes-map-type: atomic4625type: object4626certFile:4627description: Path to the client cert file in the Prometheus4628container for the targets.4629type: string4630insecureSkipVerify:4631description: Disable target certificate validation.4632type: boolean4633keyFile:4634description: Path to the client key file in the Prometheus4635container for the targets.4636type: string4637keySecret:4638description: Secret containing the client key file for4639the targets.4640properties:4641key:4642description: The key of the secret to select from. Must4643be a valid secret key.4644type: string4645name:4646description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names4647TODO: Add other useful fields. apiVersion, kind,4648uid?'4649type: string4650optional:4651description: Specify whether the Secret or its key4652must be defined4653type: boolean4654required:4655- key4656type: object4657x-kubernetes-map-type: atomic4658serverName:4659description: Used to verify the hostname for the targets.4660type: string4661type: object4662url:4663description: URL of the endpoint to send samples to.4664type: string4665writeRelabelConfigs:4666description: WriteRelabelConfigs holds relabel_configs to4667relabel samples before they are sent to the remote_write4668endpoint.4669items:4670description: 'RelabelConfig allows dynamic rewriting of4671the label set, being applied to samples before ingestion.4672It defines `<metric_relabel_configs>`-section of Prometheus4673configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'4674properties:4675action:4676default: replace4677description: Action to perform based on regex matching.4678Default is 'replace'. uppercase and lowercase actions4679require Prometheus >= 2.36.4680enum:4681- replace4682- Replace4683- keep4684- Keep4685- drop4686- Drop4687- hashmod4688- HashMod4689- labelmap4690- LabelMap4691- labeldrop4692- LabelDrop4693- labelkeep4694- LabelKeep4695- lowercase4696- Lowercase4697- uppercase4698- Uppercase4699type: string4700modulus:4701description: Modulus to take of the hash of the source4702label values.4703format: int644704type: integer4705regex:4706description: Regular expression against which the4707extracted value is matched. Default is '(.*)'4708type: string4709replacement:4710description: Replacement value against which a regex4711replace is performed if the regular expression matches.4712Regex capture groups are available. Default is '$1'4713type: string4714separator:4715description: Separator placed between concatenated4716source label values. default is ';'.4717type: string4718sourceLabels:4719description: The source labels select values from4720existing labels. Their content is concatenated using4721the configured separator and matched against the4722configured regular expression for the replace, keep,4723and drop actions.4724items:4725description: LabelName is a valid Prometheus label4726name which may only contain ASCII letters, numbers,4727as well as underscores.4728pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$4729type: string4730type: array4731targetLabel:4732description: Label to which the resulting value is4733written in a replace action. It is mandatory for4734replace actions. Regex capture groups are available.4735type: string4736type: object4737type: array4738required:4739- url4740type: object4741type: array4742replicaExternalLabelName:4743description: ReplicaExternalLabelName is the name of the metrics4744external label used to denote the replica name. Defaults to4745__replica__. The external label is _not_ added when the value4746is set to the empty string.4747type: string4748replicas:4749description: Replicas of each shard to deploy for metrics pods.4750Number of replicas multiplied by the number of shards is the4751total number of pods created.4752format: int324753type: integer4754scrapeInterval:4755description: ScrapeInterval is the time between consecutive scrapes.4756type: string4757scrapeTimeout:4758description: ScrapeTimeout is the time to wait for a target to4759respond before marking a scrape as failed.4760type: string4761shards:4762description: Shards to distribute targets onto. Number of replicas4763multiplied by the number of shards is the total number of pods4764created. Note that scaling down shards does not reshard data4765onto remaining instances; it must be manually moved. Increasing4766shards does not reshard data either, but it will continue to4767be available from the same instances. Sharding is performed4768on the content of the __address__ target meta-label.4769format: int324770type: integer4771type: object4772nodeSelector:4773additionalProperties:4774type: string4775description: NodeSelector defines which nodes pods should be scheduling4776on.4777type: object4778paused:4779description: Paused prevents actions except for deletion to be performed4780on the underlying managed objects.4781type: boolean4782podMetadata:4783description: PodMetadata configures Labels and Annotations which are4784propagated to created Grafana Agent pods.4785properties:4786annotations:4787additionalProperties:4788type: string4789description: 'Annotations is an unstructured key value map stored4790with a resource that may be set by external tools to store and4791retrieve arbitrary metadata. They are not queryable and should4792be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/'4793type: object4794labels:4795additionalProperties:4796type: string4797description: 'Map of string keys and values that can be used to4798organize and categorize (scope and select) objects. May match4799selectors of replication controllers and services. More info:4800https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/'4801type: object4802name:4803description: 'Name must be unique within a namespace. Is required4804when creating resources, although some resources may allow a4805client to request the generation of an appropriate name automatically.4806Name is primarily intended for creation idempotence and configuration4807definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'4808type: string4809type: object4810portName:4811description: Port name used for the pods and governing service. This4812defaults to agent-metrics.4813type: string4814priorityClassName:4815description: PriorityClassName is the priority class assigned to pods.4816type: string4817resources:4818description: Resources holds requests and limits for individual pods.4819properties:4820limits:4821additionalProperties:4822anyOf:4823- type: integer4824- type: string4825pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$4826x-kubernetes-int-or-string: true4827description: 'Limits describes the maximum amount of compute resources4828allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'4829type: object4830requests:4831additionalProperties:4832anyOf:4833- type: integer4834- type: string4835pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$4836x-kubernetes-int-or-string: true4837description: 'Requests describes the minimum amount of compute4838resources required. If Requests is omitted for a container,4839it defaults to Limits if that is explicitly specified, otherwise4840to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'4841type: object4842type: object4843secrets:4844description: Secrets is a list of secrets in the same namespace as4845the GrafanaAgent object which will be mounted into each running4846Grafana Agent pod. The secrets are mounted into /etc/grafana-agent/extra-secrets/<secret-name>.4847items:4848type: string4849type: array4850securityContext:4851description: SecurityContext holds pod-level security attributes and4852common container settings. When unspecified, defaults to the default4853PodSecurityContext.4854properties:4855fsGroup:4856description: "A special supplemental group that applies to all4857containers in a pod. Some volume types allow the Kubelet to4858change the ownership of that volume to be owned by the pod:4859\n 1. The owning GID will be the FSGroup 2. The setgid bit is4860set (new files created in the volume will be owned by FSGroup)48613. The permission bits are OR'd with rw-rw---- \n If unset,4862the Kubelet will not modify the ownership and permissions of4863any volume. Note that this field cannot be set when spec.os.name4864is windows."4865format: int644866type: integer4867fsGroupChangePolicy:4868description: 'fsGroupChangePolicy defines behavior of changing4869ownership and permission of the volume before being exposed4870inside Pod. This field will only apply to volume types which4871support fsGroup based ownership(and permissions). It will have4872no effect on ephemeral volume types such as: secret, configmaps4873and emptydir. Valid values are "OnRootMismatch" and "Always".4874If not specified, "Always" is used. Note that this field cannot4875be set when spec.os.name is windows.'4876type: string4877runAsGroup:4878description: The GID to run the entrypoint of the container process.4879Uses runtime default if unset. May also be set in SecurityContext. If4880set in both SecurityContext and PodSecurityContext, the value4881specified in SecurityContext takes precedence for that container.4882Note that this field cannot be set when spec.os.name is windows.4883format: int644884type: integer4885runAsNonRoot:4886description: Indicates that the container must run as a non-root4887user. If true, the Kubelet will validate the image at runtime4888to ensure that it does not run as UID 0 (root) and fail to start4889the container if it does. If unset or false, no such validation4890will be performed. May also be set in SecurityContext. If set4891in both SecurityContext and PodSecurityContext, the value specified4892in SecurityContext takes precedence.4893type: boolean4894runAsUser:4895description: The UID to run the entrypoint of the container process.4896Defaults to user specified in image metadata if unspecified.4897May also be set in SecurityContext. If set in both SecurityContext4898and PodSecurityContext, the value specified in SecurityContext4899takes precedence for that container. Note that this field cannot4900be set when spec.os.name is windows.4901format: int644902type: integer4903seLinuxOptions:4904description: The SELinux context to be applied to all containers.4905If unspecified, the container runtime will allocate a random4906SELinux context for each container. May also be set in SecurityContext. If4907set in both SecurityContext and PodSecurityContext, the value4908specified in SecurityContext takes precedence for that container.4909Note that this field cannot be set when spec.os.name is windows.4910properties:4911level:4912description: Level is SELinux level label that applies to4913the container.4914type: string4915role:4916description: Role is a SELinux role label that applies to4917the container.4918type: string4919type:4920description: Type is a SELinux type label that applies to4921the container.4922type: string4923user:4924description: User is a SELinux user label that applies to4925the container.4926type: string4927type: object4928seccompProfile:4929description: The seccomp options to use by the containers in this4930pod. Note that this field cannot be set when spec.os.name is4931windows.4932properties:4933localhostProfile:4934description: localhostProfile indicates a profile defined4935in a file on the node should be used. The profile must be4936preconfigured on the node to work. Must be a descending4937path, relative to the kubelet's configured seccomp profile4938location. Must only be set if type is "Localhost".4939type: string4940type:4941description: "type indicates which kind of seccomp profile4942will be applied. Valid options are: \n Localhost - a profile4943defined in a file on the node should be used. RuntimeDefault4944- the container runtime default profile should be used.4945Unconfined - no profile should be applied."4946type: string4947required:4948- type4949type: object4950supplementalGroups:4951description: A list of groups applied to the first process run4952in each container, in addition to the container's primary GID. If4953unspecified, no groups will be added to any container. Note4954that this field cannot be set when spec.os.name is windows.4955items:4956format: int644957type: integer4958type: array4959sysctls:4960description: Sysctls hold a list of namespaced sysctls used for4961the pod. Pods with unsupported sysctls (by the container runtime)4962might fail to launch. Note that this field cannot be set when4963spec.os.name is windows.4964items:4965description: Sysctl defines a kernel parameter to be set4966properties:4967name:4968description: Name of a property to set4969type: string4970value:4971description: Value of a property to set4972type: string4973required:4974- name4975- value4976type: object4977type: array4978windowsOptions:4979description: The Windows specific settings applied to all containers.4980If unspecified, the options within a container's SecurityContext4981will be used. If set in both SecurityContext and PodSecurityContext,4982the value specified in SecurityContext takes precedence. Note4983that this field cannot be set when spec.os.name is linux.4984properties:4985gmsaCredentialSpec:4986description: GMSACredentialSpec is where the GMSA admission4987webhook (https://github.com/kubernetes-sigs/windows-gmsa)4988inlines the contents of the GMSA credential spec named by4989the GMSACredentialSpecName field.4990type: string4991gmsaCredentialSpecName:4992description: GMSACredentialSpecName is the name of the GMSA4993credential spec to use.4994type: string4995hostProcess:4996description: HostProcess determines if a container should4997be run as a 'Host Process' container. This field is alpha-level4998and will only be honored by components that enable the WindowsHostProcessContainers4999feature flag. Setting this field without the feature flag5000will result in errors when validating the Pod. All of a5001Pod's containers must have the same effective HostProcess5002value (it is not allowed to have a mix of HostProcess containers5003and non-HostProcess containers). In addition, if HostProcess5004is true then HostNetwork must also be set to true.5005type: boolean5006runAsUserName:5007description: The UserName in Windows to run the entrypoint5008of the container process. Defaults to the user specified5009in image metadata if unspecified. May also be set in PodSecurityContext.5010If set in both SecurityContext and PodSecurityContext, the5011value specified in SecurityContext takes precedence.5012type: string5013type: object5014type: object5015serviceAccountName:5016description: ServiceAccountName is the name of the ServiceAccount5017to use for running Grafana Agent pods.5018type: string5019storage:5020description: Storage spec to specify how storage will be used.5021properties:5022disableMountSubPath:5023description: 'Deprecated: subPath usage will be disabled by default5024in a future release, this option will become unnecessary. DisableMountSubPath5025allows to remove any subPath usage in volume mounts.'5026type: boolean5027emptyDir:5028description: 'EmptyDirVolumeSource to be used by the Prometheus5029StatefulSets. If specified, used in place of any volumeClaimTemplate.5030More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir'5031properties:5032medium:5033description: 'medium represents what type of storage medium5034should back this directory. The default is "" which means5035to use the node''s default medium. Must be an empty string5036(default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'5037type: string5038sizeLimit:5039anyOf:5040- type: integer5041- type: string5042description: 'sizeLimit is the total amount of local storage5043required for this EmptyDir volume. The size limit is also5044applicable for memory medium. The maximum usage on memory5045medium EmptyDir would be the minimum value between the SizeLimit5046specified here and the sum of memory limits of all containers5047in a pod. The default is nil which means that the limit5048is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'5049pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$5050x-kubernetes-int-or-string: true5051type: object5052ephemeral:5053description: 'EphemeralVolumeSource to be used by the Prometheus5054StatefulSets. This is a beta field in k8s 1.21, for lower versions,5055starting with k8s 1.19, it requires enabling the GenericEphemeralVolume5056feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes'5057properties:5058volumeClaimTemplate:5059description: "Will be used to create a stand-alone PVC to5060provision the volume. The pod in which this EphemeralVolumeSource5061is embedded will be the owner of the PVC, i.e. the PVC will5062be deleted together with the pod. The name of the PVC will5063be `<pod name>-<volume name>` where `<volume name>` is the5064name from the `PodSpec.Volumes` array entry. Pod validation5065will reject the pod if the concatenated name is not valid5066for a PVC (for example, too long). \n An existing PVC with5067that name that is not owned by the pod will *not* be used5068for the pod to avoid using an unrelated volume by mistake.5069Starting the pod is then blocked until the unrelated PVC5070is removed. If such a pre-created PVC is meant to be used5071by the pod, the PVC has to updated with an owner reference5072to the pod once the pod exists. Normally this should not5073be necessary, but it may be useful when manually reconstructing5074a broken cluster. \n This field is read-only and no changes5075will be made by Kubernetes to the PVC after it has been5076created. \n Required, must not be nil."5077properties:5078metadata:5079description: May contain labels and annotations that will5080be copied into the PVC when creating it. No other fields5081are allowed and will be rejected during validation.5082type: object5083spec:5084description: The specification for the PersistentVolumeClaim.5085The entire content is copied unchanged into the PVC5086that gets created from this template. The same fields5087as in a PersistentVolumeClaim are also valid here.5088properties:5089accessModes:5090description: 'accessModes contains the desired access5091modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'5092items:5093type: string5094type: array5095dataSource:5096description: 'dataSource field can be used to specify5097either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)5098* An existing PVC (PersistentVolumeClaim) If the5099provisioner or an external controller can support5100the specified data source, it will create a new5101volume based on the contents of the specified data5102source. If the AnyVolumeDataSource feature gate5103is enabled, this field will always have the same5104contents as the DataSourceRef field.'5105properties:5106apiGroup:5107description: APIGroup is the group for the resource5108being referenced. If APIGroup is not specified,5109the specified Kind must be in the core API group.5110For any other third-party types, APIGroup is5111required.5112type: string5113kind:5114description: Kind is the type of resource being5115referenced5116type: string5117name:5118description: Name is the name of resource being5119referenced5120type: string5121required:5122- kind5123- name5124type: object5125x-kubernetes-map-type: atomic5126dataSourceRef:5127description: 'dataSourceRef specifies the object from5128which to populate the volume with data, if a non-empty5129volume is desired. This may be any local object5130from a non-empty API group (non core object) or5131a PersistentVolumeClaim object. When this field5132is specified, volume binding will only succeed if5133the type of the specified object matches some installed5134volume populator or dynamic provisioner. This field5135will replace the functionality of the DataSource5136field and as such if both fields are non-empty,5137they must have the same value. For backwards compatibility,5138both fields (DataSource and DataSourceRef) will5139be set to the same value automatically if one of5140them is empty and the other is non-empty. There5141are two important differences between DataSource5142and DataSourceRef: * While DataSource only allows5143two specific types of objects, DataSourceRef allows5144any non-core object, as well as PersistentVolumeClaim5145objects. * While DataSource ignores disallowed values5146(dropping them), DataSourceRef preserves all values,5147and generates an error if a disallowed value is5148specified. (Beta) Using this field requires the5149AnyVolumeDataSource feature gate to be enabled.'5150properties:5151apiGroup:5152description: APIGroup is the group for the resource5153being referenced. If APIGroup is not specified,5154the specified Kind must be in the core API group.5155For any other third-party types, APIGroup is5156required.5157type: string5158kind:5159description: Kind is the type of resource being5160referenced5161type: string5162name:5163description: Name is the name of resource being5164referenced5165type: string5166required:5167- kind5168- name5169type: object5170x-kubernetes-map-type: atomic5171resources:5172description: 'resources represents the minimum resources5173the volume should have. If RecoverVolumeExpansionFailure5174feature is enabled users are allowed to specify5175resource requirements that are lower than previous5176value but must still be higher than capacity recorded5177in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'5178properties:5179limits:5180additionalProperties:5181anyOf:5182- type: integer5183- type: string5184pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$5185x-kubernetes-int-or-string: true5186description: 'Limits describes the maximum amount5187of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'5188type: object5189requests:5190additionalProperties:5191anyOf:5192- type: integer5193- type: string5194pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$5195x-kubernetes-int-or-string: true5196description: 'Requests describes the minimum amount5197of compute resources required. If Requests is5198omitted for a container, it defaults to Limits5199if that is explicitly specified, otherwise to5200an implementation-defined value. More info:5201https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'5202type: object5203type: object5204selector:5205description: selector is a label query over volumes5206to consider for binding.5207properties:5208matchExpressions:5209description: matchExpressions is a list of label5210selector requirements. The requirements are5211ANDed.5212items:5213description: A label selector requirement is5214a selector that contains values, a key, and5215an operator that relates the key and values.5216properties:5217key:5218description: key is the label key that the5219selector applies to.5220type: string5221operator:5222description: operator represents a key's5223relationship to a set of values. Valid5224operators are In, NotIn, Exists and DoesNotExist.5225type: string5226values:5227description: values is an array of string5228values. If the operator is In or NotIn,5229the values array must be non-empty. If5230the operator is Exists or DoesNotExist,5231the values array must be empty. This array5232is replaced during a strategic merge patch.5233items:5234type: string5235type: array5236required:5237- key5238- operator5239type: object5240type: array5241matchLabels:5242additionalProperties:5243type: string5244description: matchLabels is a map of {key,value}5245pairs. A single {key,value} in the matchLabels5246map is equivalent to an element of matchExpressions,5247whose key field is "key", the operator is "In",5248and the values array contains only "value".5249The requirements are ANDed.5250type: object5251type: object5252x-kubernetes-map-type: atomic5253storageClassName:5254description: 'storageClassName is the name of the5255StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'5256type: string5257volumeMode:5258description: volumeMode defines what type of volume5259is required by the claim. Value of Filesystem is5260implied when not included in claim spec.5261type: string5262volumeName:5263description: volumeName is the binding reference to5264the PersistentVolume backing this claim.5265type: string5266type: object5267required:5268- spec5269type: object5270type: object5271volumeClaimTemplate:5272description: A PVC spec to be used by the Prometheus StatefulSets.5273properties:5274apiVersion:5275description: 'APIVersion defines the versioned schema of this5276representation of an object. Servers should convert recognized5277schemas to the latest internal value, and may reject unrecognized5278values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'5279type: string5280kind:5281description: 'Kind is a string value representing the REST5282resource this object represents. Servers may infer this5283from the endpoint the client submits requests to. Cannot5284be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'5285type: string5286metadata:5287description: EmbeddedMetadata contains metadata relevant to5288an EmbeddedResource.5289properties:5290annotations:5291additionalProperties:5292type: string5293description: 'Annotations is an unstructured key value5294map stored with a resource that may be set by external5295tools to store and retrieve arbitrary metadata. They5296are not queryable and should be preserved when modifying5297objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/'5298type: object5299labels:5300additionalProperties:5301type: string5302description: 'Map of string keys and values that can be5303used to organize and categorize (scope and select) objects.5304May match selectors of replication controllers and services.5305More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/'5306type: object5307name:5308description: 'Name must be unique within a namespace.5309Is required when creating resources, although some resources5310may allow a client to request the generation of an appropriate5311name automatically. Name is primarily intended for creation5312idempotence and configuration definition. Cannot be5313updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'5314type: string5315type: object5316spec:5317description: 'Spec defines the desired characteristics of5318a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'5319properties:5320accessModes:5321description: 'accessModes contains the desired access5322modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'5323items:5324type: string5325type: array5326dataSource:5327description: 'dataSource field can be used to specify5328either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)5329* An existing PVC (PersistentVolumeClaim) If the provisioner5330or an external controller can support the specified5331data source, it will create a new volume based on the5332contents of the specified data source. If the AnyVolumeDataSource5333feature gate is enabled, this field will always have5334the same contents as the DataSourceRef field.'5335properties:5336apiGroup:5337description: APIGroup is the group for the resource5338being referenced. If APIGroup is not specified,5339the specified Kind must be in the core API group.5340For any other third-party types, APIGroup is required.5341type: string5342kind:5343description: Kind is the type of resource being referenced5344type: string5345name:5346description: Name is the name of resource being referenced5347type: string5348required:5349- kind5350- name5351type: object5352x-kubernetes-map-type: atomic5353dataSourceRef:5354description: 'dataSourceRef specifies the object from5355which to populate the volume with data, if a non-empty5356volume is desired. This may be any local object from5357a non-empty API group (non core object) or a PersistentVolumeClaim5358object. When this field is specified, volume binding5359will only succeed if the type of the specified object5360matches some installed volume populator or dynamic provisioner.5361This field will replace the functionality of the DataSource5362field and as such if both fields are non-empty, they5363must have the same value. For backwards compatibility,5364both fields (DataSource and DataSourceRef) will be set5365to the same value automatically if one of them is empty5366and the other is non-empty. There are two important5367differences between DataSource and DataSourceRef: *5368While DataSource only allows two specific types of objects,5369DataSourceRef allows any non-core object, as well as5370PersistentVolumeClaim objects. * While DataSource ignores5371disallowed values (dropping them), DataSourceRef preserves5372all values, and generates an error if a disallowed value5373is specified. (Beta) Using this field requires the AnyVolumeDataSource5374feature gate to be enabled.'5375properties:5376apiGroup:5377description: APIGroup is the group for the resource5378being referenced. If APIGroup is not specified,5379the specified Kind must be in the core API group.5380For any other third-party types, APIGroup is required.5381type: string5382kind:5383description: Kind is the type of resource being referenced5384type: string5385name:5386description: Name is the name of resource being referenced5387type: string5388required:5389- kind5390- name5391type: object5392x-kubernetes-map-type: atomic5393resources:5394description: 'resources represents the minimum resources5395the volume should have. If RecoverVolumeExpansionFailure5396feature is enabled users are allowed to specify resource5397requirements that are lower than previous value but5398must still be higher than capacity recorded in the status5399field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'5400properties:5401limits:5402additionalProperties:5403anyOf:5404- type: integer5405- type: string5406pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$5407x-kubernetes-int-or-string: true5408description: 'Limits describes the maximum amount5409of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'5410type: object5411requests:5412additionalProperties:5413anyOf:5414- type: integer5415- type: string5416pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$5417x-kubernetes-int-or-string: true5418description: 'Requests describes the minimum amount5419of compute resources required. If Requests is omitted5420for a container, it defaults to Limits if that is5421explicitly specified, otherwise to an implementation-defined5422value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'5423type: object5424type: object5425selector:5426description: selector is a label query over volumes to5427consider for binding.5428properties:5429matchExpressions:5430description: matchExpressions is a list of label selector5431requirements. The requirements are ANDed.5432items:5433description: A label selector requirement is a selector5434that contains values, a key, and an operator that5435relates the key and values.5436properties:5437key:5438description: key is the label key that the selector5439applies to.5440type: string5441operator:5442description: operator represents a key's relationship5443to a set of values. Valid operators are In,5444NotIn, Exists and DoesNotExist.5445type: string5446values:5447description: values is an array of string values.5448If the operator is In or NotIn, the values5449array must be non-empty. If the operator is5450Exists or DoesNotExist, the values array must5451be empty. This array is replaced during a5452strategic merge patch.5453items:5454type: string5455type: array5456required:5457- key5458- operator5459type: object5460type: array5461matchLabels:5462additionalProperties:5463type: string5464description: matchLabels is a map of {key,value} pairs.5465A single {key,value} in the matchLabels map is equivalent5466to an element of matchExpressions, whose key field5467is "key", the operator is "In", and the values array5468contains only "value". The requirements are ANDed.5469type: object5470type: object5471x-kubernetes-map-type: atomic5472storageClassName:5473description: 'storageClassName is the name of the StorageClass5474required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'5475type: string5476volumeMode:5477description: volumeMode defines what type of volume is5478required by the claim. Value of Filesystem is implied5479when not included in claim spec.5480type: string5481volumeName:5482description: volumeName is the binding reference to the5483PersistentVolume backing this claim.5484type: string5485type: object5486status:5487description: 'Status represents the current information/status5488of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'5489properties:5490accessModes:5491description: 'accessModes contains the actual access modes5492the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'5493items:5494type: string5495type: array5496allocatedResources:5497additionalProperties:5498anyOf:5499- type: integer5500- type: string5501pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$5502x-kubernetes-int-or-string: true5503description: allocatedResources is the storage resource5504within AllocatedResources tracks the capacity allocated5505to a PVC. It may be larger than the actual capacity5506when a volume expansion operation is requested. For5507storage quota, the larger value from allocatedResources5508and PVC.spec.resources is used. If allocatedResources5509is not set, PVC.spec.resources alone is used for quota5510calculation. If a volume expansion capacity request5511is lowered, allocatedResources is only lowered if there5512are no expansion operations in progress and if the actual5513volume capacity is equal or lower than the requested5514capacity. This is an alpha field and requires enabling5515RecoverVolumeExpansionFailure feature.5516type: object5517capacity:5518additionalProperties:5519anyOf:5520- type: integer5521- type: string5522pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$5523x-kubernetes-int-or-string: true5524description: capacity represents the actual resources5525of the underlying volume.5526type: object5527conditions:5528description: conditions is the current Condition of persistent5529volume claim. If underlying persistent volume is being5530resized then the Condition will be set to 'ResizeStarted'.5531items:5532description: PersistentVolumeClaimCondition contails5533details about state of pvc5534properties:5535lastProbeTime:5536description: lastProbeTime is the time we probed5537the condition.5538format: date-time5539type: string5540lastTransitionTime:5541description: lastTransitionTime is the time the5542condition transitioned from one status to another.5543format: date-time5544type: string5545message:5546description: message is the human-readable message5547indicating details about last transition.5548type: string5549reason:5550description: reason is a unique, this should be5551a short, machine understandable string that gives5552the reason for condition's last transition. If5553it reports "ResizeStarted" that means the underlying5554persistent volume is being resized.5555type: string5556status:5557type: string5558type:5559description: PersistentVolumeClaimConditionType5560is a valid value of PersistentVolumeClaimCondition.Type5561type: string5562required:5563- status5564- type5565type: object5566type: array5567phase:5568description: phase represents the current phase of PersistentVolumeClaim.5569type: string5570resizeStatus:5571description: resizeStatus stores status of resize operation.5572ResizeStatus is not set by default but when expansion5573is complete resizeStatus is set to empty string by resize5574controller or kubelet. This is an alpha field and requires5575enabling RecoverVolumeExpansionFailure feature.5576type: string5577type: object5578type: object5579type: object5580tolerations:5581description: Tolerations, if specified, controls the pod's tolerations.5582items:5583description: The pod this Toleration is attached to tolerates any5584taint that matches the triple <key,value,effect> using the matching5585operator <operator>.5586properties:5587effect:5588description: Effect indicates the taint effect to match. Empty5589means match all taint effects. When specified, allowed values5590are NoSchedule, PreferNoSchedule and NoExecute.5591type: string5592key:5593description: Key is the taint key that the toleration applies5594to. Empty means match all taint keys. If the key is empty,5595operator must be Exists; this combination means to match all5596values and all keys.5597type: string5598operator:5599description: Operator represents a key's relationship to the5600value. Valid operators are Exists and Equal. Defaults to Equal.5601Exists is equivalent to wildcard for value, so that a pod5602can tolerate all taints of a particular category.5603type: string5604tolerationSeconds:5605description: TolerationSeconds represents the period of time5606the toleration (which must be of effect NoExecute, otherwise5607this field is ignored) tolerates the taint. By default, it5608is not set, which means tolerate the taint forever (do not5609evict). Zero and negative values will be treated as 0 (evict5610immediately) by the system.5611format: int645612type: integer5613value:5614description: Value is the taint value the toleration matches5615to. If the operator is Exists, the value should be empty,5616otherwise just a regular string.5617type: string5618type: object5619type: array5620topologySpreadConstraints:5621description: TopologySpreadConstraints, if specified, controls the5622pod's topology spread constraints.5623items:5624description: TopologySpreadConstraint specifies how to spread matching5625pods among the given topology.5626properties:5627labelSelector:5628description: LabelSelector is used to find matching pods. Pods5629that match this label selector are counted to determine the5630number of pods in their corresponding topology domain.5631properties:5632matchExpressions:5633description: matchExpressions is a list of label selector5634requirements. The requirements are ANDed.5635items:5636description: A label selector requirement is a selector5637that contains values, a key, and an operator that relates5638the key and values.5639properties:5640key:5641description: key is the label key that the selector5642applies to.5643type: string5644operator:5645description: operator represents a key's relationship5646to a set of values. Valid operators are In, NotIn,5647Exists and DoesNotExist.5648type: string5649values:5650description: values is an array of string values.5651If the operator is In or NotIn, the values array5652must be non-empty. If the operator is Exists or5653DoesNotExist, the values array must be empty. This5654array is replaced during a strategic merge patch.5655items:5656type: string5657type: array5658required:5659- key5660- operator5661type: object5662type: array5663matchLabels:5664additionalProperties:5665type: string5666description: matchLabels is a map of {key,value} pairs.5667A single {key,value} in the matchLabels map is equivalent5668to an element of matchExpressions, whose key field is5669"key", the operator is "In", and the values array contains5670only "value". The requirements are ANDed.5671type: object5672type: object5673x-kubernetes-map-type: atomic5674matchLabelKeys:5675description: MatchLabelKeys is a set of pod label keys to select5676the pods over which spreading will be calculated. The keys5677are used to lookup values from the incoming pod labels, those5678key-value labels are ANDed with labelSelector to select the5679group of existing pods over which spreading will be calculated5680for the incoming pod. Keys that don't exist in the incoming5681pod labels will be ignored. A null or empty list means only5682match against labelSelector.5683items:5684type: string5685type: array5686x-kubernetes-list-type: atomic5687maxSkew:5688description: 'MaxSkew describes the degree to which pods may5689be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,5690it is the maximum permitted difference between the number5691of matching pods in the target topology and the global minimum.5692The global minimum is the minimum number of matching pods5693in an eligible domain or zero if the number of eligible domains5694is less than MinDomains. For example, in a 3-zone cluster,5695MaxSkew is set to 1, and pods with the same labelSelector5696spread as 2/2/1: In this case, the global minimum is 1. |5697zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew5698is 1, incoming pod can only be scheduled to zone3 to become56992/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)5700on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming5701pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,5702it is used to give higher precedence to topologies that satisfy5703it. It''s a required field. Default value is 1 and 0 is not5704allowed.'5705format: int325706type: integer5707minDomains:5708description: "MinDomains indicates a minimum number of eligible5709domains. When the number of eligible domains with matching5710topology keys is less than minDomains, Pod Topology Spread5711treats \"global minimum\" as 0, and then the calculation of5712Skew is performed. And when the number of eligible domains5713with matching topology keys equals or greater than minDomains,5714this value has no effect on scheduling. As a result, when5715the number of eligible domains is less than minDomains, scheduler5716won't schedule more than maxSkew Pods to those domains. If5717value is nil, the constraint behaves as if MinDomains is equal5718to 1. Valid values are integers greater than 0. When value5719is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For5720example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains5721is set to 5 and pods with the same labelSelector spread as57222/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |5723The number of domains is less than 5(MinDomains), so \"global5724minimum\" is treated as 0. In this situation, new pod with5725the same labelSelector cannot be scheduled, because computed5726skew will be 3(3 - 0) if new Pod is scheduled to any of the5727three zones, it will violate MaxSkew. \n This is a beta field5728and requires the MinDomainsInPodTopologySpread feature gate5729to be enabled (enabled by default)."5730format: int325731type: integer5732nodeAffinityPolicy:5733description: "NodeAffinityPolicy indicates how we will treat5734Pod's nodeAffinity/nodeSelector when calculating pod topology5735spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector5736are included in the calculations. - Ignore: nodeAffinity/nodeSelector5737are ignored. All nodes are included in the calculations. \n5738If this value is nil, the behavior is equivalent to the Honor5739policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread5740feature flag."5741type: string5742nodeTaintsPolicy:5743description: "NodeTaintsPolicy indicates how we will treat node5744taints when calculating pod topology spread skew. Options5745are: - Honor: nodes without taints, along with tainted nodes5746for which the incoming pod has a toleration, are included.5747- Ignore: node taints are ignored. All nodes are included.5748\n If this value is nil, the behavior is equivalent to the5749Ignore policy. This is a alpha-level feature enabled by the5750NodeInclusionPolicyInPodTopologySpread feature flag."5751type: string5752topologyKey:5753description: TopologyKey is the key of node labels. Nodes that5754have a label with this key and identical values are considered5755to be in the same topology. We consider each <key, value>5756as a "bucket", and try to put balanced number of pods into5757each bucket. We define a domain as a particular instance of5758a topology. Also, we define an eligible domain as a domain5759whose nodes meet the requirements of nodeAffinityPolicy and5760nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",5761each Node is a domain of that topology. And, if TopologyKey5762is "topology.kubernetes.io/zone", each zone is a domain of5763that topology. It's a required field.5764type: string5765whenUnsatisfiable:5766description: 'WhenUnsatisfiable indicates how to deal with a5767pod if it doesn''t satisfy the spread constraint. - DoNotSchedule5768(default) tells the scheduler not to schedule it. - ScheduleAnyway5769tells the scheduler to schedule the pod in any location, but5770giving higher precedence to topologies that would help reduce5771the skew. A constraint is considered "Unsatisfiable" for an5772incoming pod if and only if every possible node assignment5773for that pod would violate "MaxSkew" on some topology. For5774example, in a 3-zone cluster, MaxSkew is set to 1, and pods5775with the same labelSelector spread as 3/1/1: | zone1 | zone25776| zone3 | | P P P | P | P | If WhenUnsatisfiable is5777set to DoNotSchedule, incoming pod can only be scheduled to5778zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on5779zone2(zone3) satisfies MaxSkew(1). In other words, the cluster5780can still be imbalanced, but scheduler won''t make it *more*5781imbalanced. It''s a required field.'5782type: string5783required:5784- maxSkew5785- topologyKey5786- whenUnsatisfiable5787type: object5788type: array5789version:5790description: Version of Grafana Agent to be deployed.5791type: string5792volumeMounts:5793description: VolumeMounts lets you configure additional VolumeMounts5794on the output StatefulSet definition. Specified VolumeMounts are5795appended to other VolumeMounts generated as a result of StorageSpec5796objects in the Grafana Agent container.5797items:5798description: VolumeMount describes a mounting of a Volume within5799a container.5800properties:5801mountPath:5802description: Path within the container at which the volume should5803be mounted. Must not contain ':'.5804type: string5805mountPropagation:5806description: mountPropagation determines how mounts are propagated5807from the host to container and the other way around. When5808not set, MountPropagationNone is used. This field is beta5809in 1.10.5810type: string5811name:5812description: This must match the Name of a Volume.5813type: string5814readOnly:5815description: Mounted read-only if true, read-write otherwise5816(false or unspecified). Defaults to false.5817type: boolean5818subPath:5819description: Path within the volume from which the container's5820volume should be mounted. Defaults to "" (volume's root).5821type: string5822subPathExpr:5823description: Expanded path within the volume from which the5824container's volume should be mounted. Behaves similarly to5825SubPath but environment variable references $(VAR_NAME) are5826expanded using the container's environment. Defaults to ""5827(volume's root). SubPathExpr and SubPath are mutually exclusive.5828type: string5829required:5830- mountPath5831- name5832type: object5833type: array5834volumes:5835description: Volumes allows configuration of additional volumes on5836the output StatefulSet definition. The volumes specified are appended5837to other volumes that are generated as a result of StorageSpec objects.5838items:5839description: Volume represents a named volume in a pod that may5840be accessed by any container in the pod.5841properties:5842awsElasticBlockStore:5843description: 'awsElasticBlockStore represents an AWS Disk resource5844that is attached to a kubelet''s host machine and then exposed5845to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'5846properties:5847fsType:5848description: 'fsType is the filesystem type of the volume5849that you want to mount. Tip: Ensure that the filesystem5850type is supported by the host operating system. Examples:5851"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"5852if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore5853TODO: how do we prevent errors in the filesystem from5854compromising the machine'5855type: string5856partition:5857description: 'partition is the partition in the volume that5858you want to mount. If omitted, the default is to mount5859by volume name. Examples: For volume /dev/sda1, you specify5860the partition as "1". Similarly, the volume partition5861for /dev/sda is "0" (or you can leave the property empty).'5862format: int325863type: integer5864readOnly:5865description: 'readOnly value true will force the readOnly5866setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'5867type: boolean5868volumeID:5869description: 'volumeID is unique ID of the persistent disk5870resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'5871type: string5872required:5873- volumeID5874type: object5875azureDisk:5876description: azureDisk represents an Azure Data Disk mount on5877the host and bind mount to the pod.5878properties:5879cachingMode:5880description: 'cachingMode is the Host Caching mode: None,5881Read Only, Read Write.'5882type: string5883diskName:5884description: diskName is the Name of the data disk in the5885blob storage5886type: string5887diskURI:5888description: diskURI is the URI of data disk in the blob5889storage5890type: string5891fsType:5892description: fsType is Filesystem type to mount. Must be5893a filesystem type supported by the host operating system.5894Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"5895if unspecified.5896type: string5897kind:5898description: 'kind expected values are Shared: multiple5899blob disks per storage account Dedicated: single blob5900disk per storage account Managed: azure managed data5901disk (only in managed availability set). defaults to shared'5902type: string5903readOnly:5904description: readOnly Defaults to false (read/write). ReadOnly5905here will force the ReadOnly setting in VolumeMounts.5906type: boolean5907required:5908- diskName5909- diskURI5910type: object5911azureFile:5912description: azureFile represents an Azure File Service mount5913on the host and bind mount to the pod.5914properties:5915readOnly:5916description: readOnly defaults to false (read/write). ReadOnly5917here will force the ReadOnly setting in VolumeMounts.5918type: boolean5919secretName:5920description: secretName is the name of secret that contains5921Azure Storage Account Name and Key5922type: string5923shareName:5924description: shareName is the azure share Name5925type: string5926required:5927- secretName5928- shareName5929type: object5930cephfs:5931description: cephFS represents a Ceph FS mount on the host that5932shares a pod's lifetime5933properties:5934monitors:5935description: 'monitors is Required: Monitors is a collection5936of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'5937items:5938type: string5939type: array5940path:5941description: 'path is Optional: Used as the mounted root,5942rather than the full Ceph tree, default is /'5943type: string5944readOnly:5945description: 'readOnly is Optional: Defaults to false (read/write).5946ReadOnly here will force the ReadOnly setting in VolumeMounts.5947More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'5948type: boolean5949secretFile:5950description: 'secretFile is Optional: SecretFile is the5951path to key ring for User, default is /etc/ceph/user.secret5952More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'5953type: string5954secretRef:5955description: 'secretRef is Optional: SecretRef is reference5956to the authentication secret for User, default is empty.5957More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'5958properties:5959name:5960description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names5961TODO: Add other useful fields. apiVersion, kind, uid?'5962type: string5963type: object5964x-kubernetes-map-type: atomic5965user:5966description: 'user is optional: User is the rados user name,5967default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'5968type: string5969required:5970- monitors5971type: object5972cinder:5973description: 'cinder represents a cinder volume attached and5974mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'5975properties:5976fsType:5977description: 'fsType is the filesystem type to mount. Must5978be a filesystem type supported by the host operating system.5979Examples: "ext4", "xfs", "ntfs". Implicitly inferred to5980be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'5981type: string5982readOnly:5983description: 'readOnly defaults to false (read/write). ReadOnly5984here will force the ReadOnly setting in VolumeMounts.5985More info: https://examples.k8s.io/mysql-cinder-pd/README.md'5986type: boolean5987secretRef:5988description: 'secretRef is optional: points to a secret5989object containing parameters used to connect to OpenStack.'5990properties:5991name:5992description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names5993TODO: Add other useful fields. apiVersion, kind, uid?'5994type: string5995type: object5996x-kubernetes-map-type: atomic5997volumeID:5998description: 'volumeID used to identify the volume in cinder.5999More info: https://examples.k8s.io/mysql-cinder-pd/README.md'6000type: string6001required:6002- volumeID6003type: object6004configMap:6005description: configMap represents a configMap that should populate6006this volume6007properties:6008defaultMode:6009description: 'defaultMode is optional: mode bits used to6010set permissions on created files by default. Must be an6011octal value between 0000 and 0777 or a decimal value between60120 and 511. YAML accepts both octal and decimal values,6013JSON requires decimal values for mode bits. Defaults to60140644. Directories within the path are not affected by6015this setting. This might be in conflict with other options6016that affect the file mode, like fsGroup, and the result6017can be other mode bits set.'6018format: int326019type: integer6020items:6021description: items if unspecified, each key-value pair in6022the Data field of the referenced ConfigMap will be projected6023into the volume as a file whose name is the key and content6024is the value. If specified, the listed keys will be projected6025into the specified paths, and unlisted keys will not be6026present. If a key is specified which is not present in6027the ConfigMap, the volume setup will error unless it is6028marked optional. Paths must be relative and may not contain6029the '..' path or start with '..'.6030items:6031description: Maps a string key to a path within a volume.6032properties:6033key:6034description: key is the key to project.6035type: string6036mode:6037description: 'mode is Optional: mode bits used to6038set permissions on this file. Must be an octal value6039between 0000 and 0777 or a decimal value between60400 and 511. YAML accepts both octal and decimal values,6041JSON requires decimal values for mode bits. If not6042specified, the volume defaultMode will be used.6043This might be in conflict with other options that6044affect the file mode, like fsGroup, and the result6045can be other mode bits set.'6046format: int326047type: integer6048path:6049description: path is the relative path of the file6050to map the key to. May not be an absolute path.6051May not contain the path element '..'. May not start6052with the string '..'.6053type: string6054required:6055- key6056- path6057type: object6058type: array6059name:6060description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names6061TODO: Add other useful fields. apiVersion, kind, uid?'6062type: string6063optional:6064description: optional specify whether the ConfigMap or its6065keys must be defined6066type: boolean6067type: object6068x-kubernetes-map-type: atomic6069csi:6070description: csi (Container Storage Interface) represents ephemeral6071storage that is handled by certain external CSI drivers (Beta6072feature).6073properties:6074driver:6075description: driver is the name of the CSI driver that handles6076this volume. Consult with your admin for the correct name6077as registered in the cluster.6078type: string6079fsType:6080description: fsType to mount. Ex. "ext4", "xfs", "ntfs".6081If not provided, the empty value is passed to the associated6082CSI driver which will determine the default filesystem6083to apply.6084type: string6085nodePublishSecretRef:6086description: nodePublishSecretRef is a reference to the6087secret object containing sensitive information to pass6088to the CSI driver to complete the CSI NodePublishVolume6089and NodeUnpublishVolume calls. This field is optional,6090and may be empty if no secret is required. If the secret6091object contains more than one secret, all secret references6092are passed.6093properties:6094name:6095description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names6096TODO: Add other useful fields. apiVersion, kind, uid?'6097type: string6098type: object6099x-kubernetes-map-type: atomic6100readOnly:6101description: readOnly specifies a read-only configuration6102for the volume. Defaults to false (read/write).6103type: boolean6104volumeAttributes:6105additionalProperties:6106type: string6107description: volumeAttributes stores driver-specific properties6108that are passed to the CSI driver. Consult your driver's6109documentation for supported values.6110type: object6111required:6112- driver6113type: object6114downwardAPI:6115description: downwardAPI represents downward API about the pod6116that should populate this volume6117properties:6118defaultMode:6119description: 'Optional: mode bits to use on created files6120by default. Must be a Optional: mode bits used to set6121permissions on created files by default. Must be an octal6122value between 0000 and 0777 or a decimal value between61230 and 511. YAML accepts both octal and decimal values,6124JSON requires decimal values for mode bits. Defaults to61250644. Directories within the path are not affected by6126this setting. This might be in conflict with other options6127that affect the file mode, like fsGroup, and the result6128can be other mode bits set.'6129format: int326130type: integer6131items:6132description: Items is a list of downward API volume file6133items:6134description: DownwardAPIVolumeFile represents information6135to create the file containing the pod field6136properties:6137fieldRef:6138description: 'Required: Selects a field of the pod:6139only annotations, labels, name and namespace are6140supported.'6141properties:6142apiVersion:6143description: Version of the schema the FieldPath6144is written in terms of, defaults to "v1".6145type: string6146fieldPath:6147description: Path of the field to select in the6148specified API version.6149type: string6150required:6151- fieldPath6152type: object6153x-kubernetes-map-type: atomic6154mode:6155description: 'Optional: mode bits used to set permissions6156on this file, must be an octal value between 00006157and 0777 or a decimal value between 0 and 511. YAML6158accepts both octal and decimal values, JSON requires6159decimal values for mode bits. If not specified,6160the volume defaultMode will be used. This might6161be in conflict with other options that affect the6162file mode, like fsGroup, and the result can be other6163mode bits set.'6164format: int326165type: integer6166path:6167description: 'Required: Path is the relative path6168name of the file to be created. Must not be absolute6169or contain the ''..'' path. Must be utf-8 encoded.6170The first item of the relative path must not start6171with ''..'''6172type: string6173resourceFieldRef:6174description: 'Selects a resource of the container:6175only resources limits and requests (limits.cpu,6176limits.memory, requests.cpu and requests.memory)6177are currently supported.'6178properties:6179containerName:6180description: 'Container name: required for volumes,6181optional for env vars'6182type: string6183divisor:6184anyOf:6185- type: integer6186- type: string6187description: Specifies the output format of the6188exposed resources, defaults to "1"6189pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$6190x-kubernetes-int-or-string: true6191resource:6192description: 'Required: resource to select'6193type: string6194required:6195- resource6196type: object6197x-kubernetes-map-type: atomic6198required:6199- path6200type: object6201type: array6202type: object6203emptyDir:6204description: 'emptyDir represents a temporary directory that6205shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'6206properties:6207medium:6208description: 'medium represents what type of storage medium6209should back this directory. The default is "" which means6210to use the node''s default medium. Must be an empty string6211(default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'6212type: string6213sizeLimit:6214anyOf:6215- type: integer6216- type: string6217description: 'sizeLimit is the total amount of local storage6218required for this EmptyDir volume. The size limit is also6219applicable for memory medium. The maximum usage on memory6220medium EmptyDir would be the minimum value between the6221SizeLimit specified here and the sum of memory limits6222of all containers in a pod. The default is nil which means6223that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir'6224pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$6225x-kubernetes-int-or-string: true6226type: object6227ephemeral:6228description: "ephemeral represents a volume that is handled6229by a cluster storage driver. The volume's lifecycle is tied6230to the pod that defines it - it will be created before the6231pod starts, and deleted when the pod is removed. \n Use this6232if: a) the volume is only needed while the pod runs, b) features6233of normal volumes like restoring from snapshot or capacity6234tracking are needed, c) the storage driver is specified through6235a storage class, and d) the storage driver supports dynamic6236volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource6237for more information on the connection between this volume6238type and PersistentVolumeClaim). \n Use PersistentVolumeClaim6239or one of the vendor-specific APIs for volumes that persist6240for longer than the lifecycle of an individual pod. \n Use6241CSI for light-weight local ephemeral volumes if the CSI driver6242is meant to be used that way - see the documentation of the6243driver for more information. \n A pod can use both types of6244ephemeral volumes and persistent volumes at the same time."6245properties:6246volumeClaimTemplate:6247description: "Will be used to create a stand-alone PVC to6248provision the volume. The pod in which this EphemeralVolumeSource6249is embedded will be the owner of the PVC, i.e. the PVC6250will be deleted together with the pod. The name of the6251PVC will be `<pod name>-<volume name>` where `<volume6252name>` is the name from the `PodSpec.Volumes` array entry.6253Pod validation will reject the pod if the concatenated6254name is not valid for a PVC (for example, too long). \n6255An existing PVC with that name that is not owned by the6256pod will *not* be used for the pod to avoid using an unrelated6257volume by mistake. Starting the pod is then blocked until6258the unrelated PVC is removed. If such a pre-created PVC6259is meant to be used by the pod, the PVC has to updated6260with an owner reference to the pod once the pod exists.6261Normally this should not be necessary, but it may be useful6262when manually reconstructing a broken cluster. \n This6263field is read-only and no changes will be made by Kubernetes6264to the PVC after it has been created. \n Required, must6265not be nil."6266properties:6267metadata:6268description: May contain labels and annotations that6269will be copied into the PVC when creating it. No other6270fields are allowed and will be rejected during validation.6271type: object6272spec:6273description: The specification for the PersistentVolumeClaim.6274The entire content is copied unchanged into the PVC6275that gets created from this template. The same fields6276as in a PersistentVolumeClaim are also valid here.6277properties:6278accessModes:6279description: 'accessModes contains the desired access6280modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'6281items:6282type: string6283type: array6284dataSource:6285description: 'dataSource field can be used to specify6286either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)6287* An existing PVC (PersistentVolumeClaim) If the6288provisioner or an external controller can support6289the specified data source, it will create a new6290volume based on the contents of the specified6291data source. If the AnyVolumeDataSource feature6292gate is enabled, this field will always have the6293same contents as the DataSourceRef field.'6294properties:6295apiGroup:6296description: APIGroup is the group for the resource6297being referenced. If APIGroup is not specified,6298the specified Kind must be in the core API6299group. For any other third-party types, APIGroup6300is required.6301type: string6302kind:6303description: Kind is the type of resource being6304referenced6305type: string6306name:6307description: Name is the name of resource being6308referenced6309type: string6310required:6311- kind6312- name6313type: object6314x-kubernetes-map-type: atomic6315dataSourceRef:6316description: 'dataSourceRef specifies the object6317from which to populate the volume with data, if6318a non-empty volume is desired. This may be any6319local object from a non-empty API group (non core6320object) or a PersistentVolumeClaim object. When6321this field is specified, volume binding will only6322succeed if the type of the specified object matches6323some installed volume populator or dynamic provisioner.6324This field will replace the functionality of the6325DataSource field and as such if both fields are6326non-empty, they must have the same value. For6327backwards compatibility, both fields (DataSource6328and DataSourceRef) will be set to the same value6329automatically if one of them is empty and the6330other is non-empty. There are two important differences6331between DataSource and DataSourceRef: * While6332DataSource only allows two specific types of objects,6333DataSourceRef allows any non-core object, as well6334as PersistentVolumeClaim objects. * While DataSource6335ignores disallowed values (dropping them), DataSourceRef6336preserves all values, and generates an error if6337a disallowed value is specified. (Beta) Using6338this field requires the AnyVolumeDataSource feature6339gate to be enabled.'6340properties:6341apiGroup:6342description: APIGroup is the group for the resource6343being referenced. If APIGroup is not specified,6344the specified Kind must be in the core API6345group. For any other third-party types, APIGroup6346is required.6347type: string6348kind:6349description: Kind is the type of resource being6350referenced6351type: string6352name:6353description: Name is the name of resource being6354referenced6355type: string6356required:6357- kind6358- name6359type: object6360x-kubernetes-map-type: atomic6361resources:6362description: 'resources represents the minimum resources6363the volume should have. If RecoverVolumeExpansionFailure6364feature is enabled users are allowed to specify6365resource requirements that are lower than previous6366value but must still be higher than capacity recorded6367in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'6368properties:6369limits:6370additionalProperties:6371anyOf:6372- type: integer6373- type: string6374pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$6375x-kubernetes-int-or-string: true6376description: 'Limits describes the maximum amount6377of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'6378type: object6379requests:6380additionalProperties:6381anyOf:6382- type: integer6383- type: string6384pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$6385x-kubernetes-int-or-string: true6386description: 'Requests describes the minimum6387amount of compute resources required. If Requests6388is omitted for a container, it defaults to6389Limits if that is explicitly specified, otherwise6390to an implementation-defined value. More info:6391https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'6392type: object6393type: object6394selector:6395description: selector is a label query over volumes6396to consider for binding.6397properties:6398matchExpressions:6399description: matchExpressions is a list of label6400selector requirements. The requirements are6401ANDed.6402items:6403description: A label selector requirement6404is a selector that contains values, a key,6405and an operator that relates the key and6406values.6407properties:6408key:6409description: key is the label key that6410the selector applies to.6411type: string6412operator:6413description: operator represents a key's6414relationship to a set of values. Valid6415operators are In, NotIn, Exists and6416DoesNotExist.6417type: string6418values:6419description: values is an array of string6420values. If the operator is In or NotIn,6421the values array must be non-empty.6422If the operator is Exists or DoesNotExist,6423the values array must be empty. This6424array is replaced during a strategic6425merge patch.6426items:6427type: string6428type: array6429required:6430- key6431- operator6432type: object6433type: array6434matchLabels:6435additionalProperties:6436type: string6437description: matchLabels is a map of {key,value}6438pairs. A single {key,value} in the matchLabels6439map is equivalent to an element of matchExpressions,6440whose key field is "key", the operator is6441"In", and the values array contains only "value".6442The requirements are ANDed.6443type: object6444type: object6445x-kubernetes-map-type: atomic6446storageClassName:6447description: 'storageClassName is the name of the6448StorageClass required by the claim. More info:6449https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'6450type: string6451volumeMode:6452description: volumeMode defines what type of volume6453is required by the claim. Value of Filesystem6454is implied when not included in claim spec.6455type: string6456volumeName:6457description: volumeName is the binding reference6458to the PersistentVolume backing this claim.6459type: string6460type: object6461required:6462- spec6463type: object6464type: object6465fc:6466description: fc represents a Fibre Channel resource that is6467attached to a kubelet's host machine and then exposed to the6468pod.6469properties:6470fsType:6471description: 'fsType is the filesystem type to mount. Must6472be a filesystem type supported by the host operating system.6473Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"6474if unspecified. TODO: how do we prevent errors in the6475filesystem from compromising the machine'6476type: string6477lun:6478description: 'lun is Optional: FC target lun number'6479format: int326480type: integer6481readOnly:6482description: 'readOnly is Optional: Defaults to false (read/write).6483ReadOnly here will force the ReadOnly setting in VolumeMounts.'6484type: boolean6485targetWWNs:6486description: 'targetWWNs is Optional: FC target worldwide6487names (WWNs)'6488items:6489type: string6490type: array6491wwids:6492description: 'wwids Optional: FC volume world wide identifiers6493(wwids) Either wwids or combination of targetWWNs and6494lun must be set, but not both simultaneously.'6495items:6496type: string6497type: array6498type: object6499flexVolume:6500description: flexVolume represents a generic volume resource6501that is provisioned/attached using an exec based plugin.6502properties:6503driver:6504description: driver is the name of the driver to use for6505this volume.6506type: string6507fsType:6508description: fsType is the filesystem type to mount. Must6509be a filesystem type supported by the host operating system.6510Ex. "ext4", "xfs", "ntfs". The default filesystem depends6511on FlexVolume script.6512type: string6513options:6514additionalProperties:6515type: string6516description: 'options is Optional: this field holds extra6517command options if any.'6518type: object6519readOnly:6520description: 'readOnly is Optional: defaults to false (read/write).6521ReadOnly here will force the ReadOnly setting in VolumeMounts.'6522type: boolean6523secretRef:6524description: 'secretRef is Optional: secretRef is reference6525to the secret object containing sensitive information6526to pass to the plugin scripts. This may be empty if no6527secret object is specified. If the secret object contains6528more than one secret, all secrets are passed to the plugin6529scripts.'6530properties:6531name:6532description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names6533TODO: Add other useful fields. apiVersion, kind, uid?'6534type: string6535type: object6536x-kubernetes-map-type: atomic6537required:6538- driver6539type: object6540flocker:6541description: flocker represents a Flocker volume attached to6542a kubelet's host machine. This depends on the Flocker control6543service being running6544properties:6545datasetName:6546description: datasetName is Name of the dataset stored as6547metadata -> name on the dataset for Flocker should be6548considered as deprecated6549type: string6550datasetUUID:6551description: datasetUUID is the UUID of the dataset. This6552is unique identifier of a Flocker dataset6553type: string6554type: object6555gcePersistentDisk:6556description: 'gcePersistentDisk represents a GCE Disk resource6557that is attached to a kubelet''s host machine and then exposed6558to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'6559properties:6560fsType:6561description: 'fsType is filesystem type of the volume that6562you want to mount. Tip: Ensure that the filesystem type6563is supported by the host operating system. Examples: "ext4",6564"xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.6565More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk6566TODO: how do we prevent errors in the filesystem from6567compromising the machine'6568type: string6569partition:6570description: 'partition is the partition in the volume that6571you want to mount. If omitted, the default is to mount6572by volume name. Examples: For volume /dev/sda1, you specify6573the partition as "1". Similarly, the volume partition6574for /dev/sda is "0" (or you can leave the property empty).6575More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'6576format: int326577type: integer6578pdName:6579description: 'pdName is unique name of the PD resource in6580GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'6581type: string6582readOnly:6583description: 'readOnly here will force the ReadOnly setting6584in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'6585type: boolean6586required:6587- pdName6588type: object6589gitRepo:6590description: 'gitRepo represents a git repository at a particular6591revision. DEPRECATED: GitRepo is deprecated. To provision6592a container with a git repo, mount an EmptyDir into an InitContainer6593that clones the repo using git, then mount the EmptyDir into6594the Pod''s container.'6595properties:6596directory:6597description: directory is the target directory name. Must6598not contain or start with '..'. If '.' is supplied, the6599volume directory will be the git repository. Otherwise,6600if specified, the volume will contain the git repository6601in the subdirectory with the given name.6602type: string6603repository:6604description: repository is the URL6605type: string6606revision:6607description: revision is the commit hash for the specified6608revision.6609type: string6610required:6611- repository6612type: object6613glusterfs:6614description: 'glusterfs represents a Glusterfs mount on the6615host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'6616properties:6617endpoints:6618description: 'endpoints is the endpoint name that details6619Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'6620type: string6621path:6622description: 'path is the Glusterfs volume path. More info:6623https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'6624type: string6625readOnly:6626description: 'readOnly here will force the Glusterfs volume6627to be mounted with read-only permissions. Defaults to6628false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'6629type: boolean6630required:6631- endpoints6632- path6633type: object6634hostPath:6635description: 'hostPath represents a pre-existing file or directory6636on the host machine that is directly exposed to the container.6637This is generally used for system agents or other privileged6638things that are allowed to see the host machine. Most containers6639will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath6640--- TODO(jonesdl) We need to restrict who can use host directory6641mounts and who can/can not mount host directories as read/write.'6642properties:6643path:6644description: 'path of the directory on the host. If the6645path is a symlink, it will follow the link to the real6646path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'6647type: string6648type:6649description: 'type for HostPath Volume Defaults to "" More6650info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'6651type: string6652required:6653- path6654type: object6655iscsi:6656description: 'iscsi represents an ISCSI Disk resource that is6657attached to a kubelet''s host machine and then exposed to6658the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'6659properties:6660chapAuthDiscovery:6661description: chapAuthDiscovery defines whether support iSCSI6662Discovery CHAP authentication6663type: boolean6664chapAuthSession:6665description: chapAuthSession defines whether support iSCSI6666Session CHAP authentication6667type: boolean6668fsType:6669description: 'fsType is the filesystem type of the volume6670that you want to mount. Tip: Ensure that the filesystem6671type is supported by the host operating system. Examples:6672"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"6673if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi6674TODO: how do we prevent errors in the filesystem from6675compromising the machine'6676type: string6677initiatorName:6678description: initiatorName is the custom iSCSI Initiator6679Name. If initiatorName is specified with iscsiInterface6680simultaneously, new iSCSI interface <target portal>:<volume6681name> will be created for the connection.6682type: string6683iqn:6684description: iqn is the target iSCSI Qualified Name.6685type: string6686iscsiInterface:6687description: iscsiInterface is the interface Name that uses6688an iSCSI transport. Defaults to 'default' (tcp).6689type: string6690lun:6691description: lun represents iSCSI Target Lun number.6692format: int326693type: integer6694portals:6695description: portals is the iSCSI Target Portal List. The6696portal is either an IP or ip_addr:port if the port is6697other than default (typically TCP ports 860 and 3260).6698items:6699type: string6700type: array6701readOnly:6702description: readOnly here will force the ReadOnly setting6703in VolumeMounts. Defaults to false.6704type: boolean6705secretRef:6706description: secretRef is the CHAP Secret for iSCSI target6707and initiator authentication6708properties:6709name:6710description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names6711TODO: Add other useful fields. apiVersion, kind, uid?'6712type: string6713type: object6714x-kubernetes-map-type: atomic6715targetPortal:6716description: targetPortal is iSCSI Target Portal. The Portal6717is either an IP or ip_addr:port if the port is other than6718default (typically TCP ports 860 and 3260).6719type: string6720required:6721- iqn6722- lun6723- targetPortal6724type: object6725name:6726description: 'name of the volume. Must be a DNS_LABEL and unique6727within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'6728type: string6729nfs:6730description: 'nfs represents an NFS mount on the host that shares6731a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'6732properties:6733path:6734description: 'path that is exported by the NFS server. More6735info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'6736type: string6737readOnly:6738description: 'readOnly here will force the NFS export to6739be mounted with read-only permissions. Defaults to false.6740More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'6741type: boolean6742server:6743description: 'server is the hostname or IP address of the6744NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'6745type: string6746required:6747- path6748- server6749type: object6750persistentVolumeClaim:6751description: 'persistentVolumeClaimVolumeSource represents a6752reference to a PersistentVolumeClaim in the same namespace.6753More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'6754properties:6755claimName:6756description: 'claimName is the name of a PersistentVolumeClaim6757in the same namespace as the pod using this volume. More6758info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'6759type: string6760readOnly:6761description: readOnly Will force the ReadOnly setting in6762VolumeMounts. Default false.6763type: boolean6764required:6765- claimName6766type: object6767photonPersistentDisk:6768description: photonPersistentDisk represents a PhotonController6769persistent disk attached and mounted on kubelets host machine6770properties:6771fsType:6772description: fsType is the filesystem type to mount. Must6773be a filesystem type supported by the host operating system.6774Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"6775if unspecified.6776type: string6777pdID:6778description: pdID is the ID that identifies Photon Controller6779persistent disk6780type: string6781required:6782- pdID6783type: object6784portworxVolume:6785description: portworxVolume represents a portworx volume attached6786and mounted on kubelets host machine6787properties:6788fsType:6789description: fSType represents the filesystem type to mount6790Must be a filesystem type supported by the host operating6791system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"6792if unspecified.6793type: string6794readOnly:6795description: readOnly defaults to false (read/write). ReadOnly6796here will force the ReadOnly setting in VolumeMounts.6797type: boolean6798volumeID:6799description: volumeID uniquely identifies a Portworx volume6800type: string6801required:6802- volumeID6803type: object6804projected:6805description: projected items for all in one resources secrets,6806configmaps, and downward API6807properties:6808defaultMode:6809description: defaultMode are the mode bits used to set permissions6810on created files by default. Must be an octal value between68110000 and 0777 or a decimal value between 0 and 511. YAML6812accepts both octal and decimal values, JSON requires decimal6813values for mode bits. Directories within the path are6814not affected by this setting. This might be in conflict6815with other options that affect the file mode, like fsGroup,6816and the result can be other mode bits set.6817format: int326818type: integer6819sources:6820description: sources is the list of volume projections6821items:6822description: Projection that may be projected along with6823other supported volume types6824properties:6825configMap:6826description: configMap information about the configMap6827data to project6828properties:6829items:6830description: items if unspecified, each key-value6831pair in the Data field of the referenced ConfigMap6832will be projected into the volume as a file6833whose name is the key and content is the value.6834If specified, the listed keys will be projected6835into the specified paths, and unlisted keys6836will not be present. If a key is specified which6837is not present in the ConfigMap, the volume6838setup will error unless it is marked optional.6839Paths must be relative and may not contain the6840'..' path or start with '..'.6841items:6842description: Maps a string key to a path within6843a volume.6844properties:6845key:6846description: key is the key to project.6847type: string6848mode:6849description: 'mode is Optional: mode bits6850used to set permissions on this file.6851Must be an octal value between 0000 and68520777 or a decimal value between 0 and6853511. YAML accepts both octal and decimal6854values, JSON requires decimal values for6855mode bits. If not specified, the volume6856defaultMode will be used. This might be6857in conflict with other options that affect6858the file mode, like fsGroup, and the result6859can be other mode bits set.'6860format: int326861type: integer6862path:6863description: path is the relative path of6864the file to map the key to. May not be6865an absolute path. May not contain the6866path element '..'. May not start with6867the string '..'.6868type: string6869required:6870- key6871- path6872type: object6873type: array6874name:6875description: 'Name of the referent. More info:6876https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names6877TODO: Add other useful fields. apiVersion, kind,6878uid?'6879type: string6880optional:6881description: optional specify whether the ConfigMap6882or its keys must be defined6883type: boolean6884type: object6885x-kubernetes-map-type: atomic6886downwardAPI:6887description: downwardAPI information about the downwardAPI6888data to project6889properties:6890items:6891description: Items is a list of DownwardAPIVolume6892file6893items:6894description: DownwardAPIVolumeFile represents6895information to create the file containing6896the pod field6897properties:6898fieldRef:6899description: 'Required: Selects a field6900of the pod: only annotations, labels,6901name and namespace are supported.'6902properties:6903apiVersion:6904description: Version of the schema the6905FieldPath is written in terms of,6906defaults to "v1".6907type: string6908fieldPath:6909description: Path of the field to select6910in the specified API version.6911type: string6912required:6913- fieldPath6914type: object6915x-kubernetes-map-type: atomic6916mode:6917description: 'Optional: mode bits used to6918set permissions on this file, must be6919an octal value between 0000 and 0777 or6920a decimal value between 0 and 511. YAML6921accepts both octal and decimal values,6922JSON requires decimal values for mode6923bits. If not specified, the volume defaultMode6924will be used. This might be in conflict6925with other options that affect the file6926mode, like fsGroup, and the result can6927be other mode bits set.'6928format: int326929type: integer6930path:6931description: 'Required: Path is the relative6932path name of the file to be created. Must6933not be absolute or contain the ''..''6934path. Must be utf-8 encoded. The first6935item of the relative path must not start6936with ''..'''6937type: string6938resourceFieldRef:6939description: 'Selects a resource of the6940container: only resources limits and requests6941(limits.cpu, limits.memory, requests.cpu6942and requests.memory) are currently supported.'6943properties:6944containerName:6945description: 'Container name: required6946for volumes, optional for env vars'6947type: string6948divisor:6949anyOf:6950- type: integer6951- type: string6952description: Specifies the output format6953of the exposed resources, defaults6954to "1"6955pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$6956x-kubernetes-int-or-string: true6957resource:6958description: 'Required: resource to6959select'6960type: string6961required:6962- resource6963type: object6964x-kubernetes-map-type: atomic6965required:6966- path6967type: object6968type: array6969type: object6970secret:6971description: secret information about the secret data6972to project6973properties:6974items:6975description: items if unspecified, each key-value6976pair in the Data field of the referenced Secret6977will be projected into the volume as a file6978whose name is the key and content is the value.6979If specified, the listed keys will be projected6980into the specified paths, and unlisted keys6981will not be present. If a key is specified which6982is not present in the Secret, the volume setup6983will error unless it is marked optional. Paths6984must be relative and may not contain the '..'6985path or start with '..'.6986items:6987description: Maps a string key to a path within6988a volume.6989properties:6990key:6991description: key is the key to project.6992type: string6993mode:6994description: 'mode is Optional: mode bits6995used to set permissions on this file.6996Must be an octal value between 0000 and69970777 or a decimal value between 0 and6998511. YAML accepts both octal and decimal6999values, JSON requires decimal values for7000mode bits. If not specified, the volume7001defaultMode will be used. This might be7002in conflict with other options that affect7003the file mode, like fsGroup, and the result7004can be other mode bits set.'7005format: int327006type: integer7007path:7008description: path is the relative path of7009the file to map the key to. May not be7010an absolute path. May not contain the7011path element '..'. May not start with7012the string '..'.7013type: string7014required:7015- key7016- path7017type: object7018type: array7019name:7020description: 'Name of the referent. More info:7021https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names7022TODO: Add other useful fields. apiVersion, kind,7023uid?'7024type: string7025optional:7026description: optional field specify whether the7027Secret or its key must be defined7028type: boolean7029type: object7030x-kubernetes-map-type: atomic7031serviceAccountToken:7032description: serviceAccountToken is information about7033the serviceAccountToken data to project7034properties:7035audience:7036description: audience is the intended audience7037of the token. A recipient of a token must identify7038itself with an identifier specified in the audience7039of the token, and otherwise should reject the7040token. The audience defaults to the identifier7041of the apiserver.7042type: string7043expirationSeconds:7044description: expirationSeconds is the requested7045duration of validity of the service account7046token. As the token approaches expiration, the7047kubelet volume plugin will proactively rotate7048the service account token. The kubelet will7049start trying to rotate the token if the token7050is older than 80 percent of its time to live7051or if the token is older than 24 hours.Defaults7052to 1 hour and must be at least 10 minutes.7053format: int647054type: integer7055path:7056description: path is the path relative to the7057mount point of the file to project the token7058into.7059type: string7060required:7061- path7062type: object7063type: object7064type: array7065type: object7066quobyte:7067description: quobyte represents a Quobyte mount on the host7068that shares a pod's lifetime7069properties:7070group:7071description: group to map volume access to Default is no7072group7073type: string7074readOnly:7075description: readOnly here will force the Quobyte volume7076to be mounted with read-only permissions. Defaults to7077false.7078type: boolean7079registry:7080description: registry represents a single or multiple Quobyte7081Registry services specified as a string as host:port pair7082(multiple entries are separated with commas) which acts7083as the central registry for volumes7084type: string7085tenant:7086description: tenant owning the given Quobyte volume in the7087Backend Used with dynamically provisioned Quobyte volumes,7088value is set by the plugin7089type: string7090user:7091description: user to map volume access to Defaults to serivceaccount7092user7093type: string7094volume:7095description: volume is a string that references an already7096created Quobyte volume by name.7097type: string7098required:7099- registry7100- volume7101type: object7102rbd:7103description: 'rbd represents a Rados Block Device mount on the7104host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'7105properties:7106fsType:7107description: 'fsType is the filesystem type of the volume7108that you want to mount. Tip: Ensure that the filesystem7109type is supported by the host operating system. Examples:7110"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"7111if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd7112TODO: how do we prevent errors in the filesystem from7113compromising the machine'7114type: string7115image:7116description: 'image is the rados image name. More info:7117https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'7118type: string7119keyring:7120description: 'keyring is the path to key ring for RBDUser.7121Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'7122type: string7123monitors:7124description: 'monitors is a collection of Ceph monitors.7125More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'7126items:7127type: string7128type: array7129pool:7130description: 'pool is the rados pool name. Default is rbd.7131More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'7132type: string7133readOnly:7134description: 'readOnly here will force the ReadOnly setting7135in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'7136type: boolean7137secretRef:7138description: 'secretRef is name of the authentication secret7139for RBDUser. If provided overrides keyring. Default is7140nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'7141properties:7142name:7143description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names7144TODO: Add other useful fields. apiVersion, kind, uid?'7145type: string7146type: object7147x-kubernetes-map-type: atomic7148user:7149description: 'user is the rados user name. Default is admin.7150More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'7151type: string7152required:7153- image7154- monitors7155type: object7156scaleIO:7157description: scaleIO represents a ScaleIO persistent volume7158attached and mounted on Kubernetes nodes.7159properties:7160fsType:7161description: fsType is the filesystem type to mount. Must7162be a filesystem type supported by the host operating system.7163Ex. "ext4", "xfs", "ntfs". Default is "xfs".7164type: string7165gateway:7166description: gateway is the host address of the ScaleIO7167API Gateway.7168type: string7169protectionDomain:7170description: protectionDomain is the name of the ScaleIO7171Protection Domain for the configured storage.7172type: string7173readOnly:7174description: readOnly Defaults to false (read/write). ReadOnly7175here will force the ReadOnly setting in VolumeMounts.7176type: boolean7177secretRef:7178description: secretRef references to the secret for ScaleIO7179user and other sensitive information. If this is not provided,7180Login operation will fail.7181properties:7182name:7183description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names7184TODO: Add other useful fields. apiVersion, kind, uid?'7185type: string7186type: object7187x-kubernetes-map-type: atomic7188sslEnabled:7189description: sslEnabled Flag enable/disable SSL communication7190with Gateway, default false7191type: boolean7192storageMode:7193description: storageMode indicates whether the storage for7194a volume should be ThickProvisioned or ThinProvisioned.7195Default is ThinProvisioned.7196type: string7197storagePool:7198description: storagePool is the ScaleIO Storage Pool associated7199with the protection domain.7200type: string7201system:7202description: system is the name of the storage system as7203configured in ScaleIO.7204type: string7205volumeName:7206description: volumeName is the name of a volume already7207created in the ScaleIO system that is associated with7208this volume source.7209type: string7210required:7211- gateway7212- secretRef7213- system7214type: object7215secret:7216description: 'secret represents a secret that should populate7217this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'7218properties:7219defaultMode:7220description: 'defaultMode is Optional: mode bits used to7221set permissions on created files by default. Must be an7222octal value between 0000 and 0777 or a decimal value between72230 and 511. YAML accepts both octal and decimal values,7224JSON requires decimal values for mode bits. Defaults to72250644. Directories within the path are not affected by7226this setting. This might be in conflict with other options7227that affect the file mode, like fsGroup, and the result7228can be other mode bits set.'7229format: int327230type: integer7231items:7232description: items If unspecified, each key-value pair in7233the Data field of the referenced Secret will be projected7234into the volume as a file whose name is the key and content7235is the value. If specified, the listed keys will be projected7236into the specified paths, and unlisted keys will not be7237present. If a key is specified which is not present in7238the Secret, the volume setup will error unless it is marked7239optional. Paths must be relative and may not contain the7240'..' path or start with '..'.7241items:7242description: Maps a string key to a path within a volume.7243properties:7244key:7245description: key is the key to project.7246type: string7247mode:7248description: 'mode is Optional: mode bits used to7249set permissions on this file. Must be an octal value7250between 0000 and 0777 or a decimal value between72510 and 511. YAML accepts both octal and decimal values,7252JSON requires decimal values for mode bits. If not7253specified, the volume defaultMode will be used.7254This might be in conflict with other options that7255affect the file mode, like fsGroup, and the result7256can be other mode bits set.'7257format: int327258type: integer7259path:7260description: path is the relative path of the file7261to map the key to. May not be an absolute path.7262May not contain the path element '..'. May not start7263with the string '..'.7264type: string7265required:7266- key7267- path7268type: object7269type: array7270optional:7271description: optional field specify whether the Secret or7272its keys must be defined7273type: boolean7274secretName:7275description: 'secretName is the name of the secret in the7276pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'7277type: string7278type: object7279storageos:7280description: storageOS represents a StorageOS volume attached7281and mounted on Kubernetes nodes.7282properties:7283fsType:7284description: fsType is the filesystem type to mount. Must7285be a filesystem type supported by the host operating system.7286Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"7287if unspecified.7288type: string7289readOnly:7290description: readOnly defaults to false (read/write). ReadOnly7291here will force the ReadOnly setting in VolumeMounts.7292type: boolean7293secretRef:7294description: secretRef specifies the secret to use for obtaining7295the StorageOS API credentials. If not specified, default7296values will be attempted.7297properties:7298name:7299description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names7300TODO: Add other useful fields. apiVersion, kind, uid?'7301type: string7302type: object7303x-kubernetes-map-type: atomic7304volumeName:7305description: volumeName is the human-readable name of the7306StorageOS volume. Volume names are only unique within7307a namespace.7308type: string7309volumeNamespace:7310description: volumeNamespace specifies the scope of the7311volume within StorageOS. If no namespace is specified7312then the Pod's namespace will be used. This allows the7313Kubernetes name scoping to be mirrored within StorageOS7314for tighter integration. Set VolumeName to any name to7315override the default behaviour. Set to "default" if you7316are not using namespaces within StorageOS. Namespaces7317that do not pre-exist within StorageOS will be created.7318type: string7319type: object7320vsphereVolume:7321description: vsphereVolume represents a vSphere volume attached7322and mounted on kubelets host machine7323properties:7324fsType:7325description: fsType is filesystem type to mount. Must be7326a filesystem type supported by the host operating system.7327Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"7328if unspecified.7329type: string7330storagePolicyID:7331description: storagePolicyID is the storage Policy Based7332Management (SPBM) profile ID associated with the StoragePolicyName.7333type: string7334storagePolicyName:7335description: storagePolicyName is the storage Policy Based7336Management (SPBM) profile name.7337type: string7338volumePath:7339description: volumePath is the path that identifies vSphere7340volume vmdk7341type: string7342required:7343- volumePath7344type: object7345required:7346- name7347type: object7348type: array7349type: object7350type: object7351served: true7352storage: true735373547355