easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1552 from PhilipGough/release-0.10-prep

Browse Source 
Prep for release-0.10
This commit is contained in:
Philip Gough
2021-12-17 12:24:39 +00:00
committed by GitHub
parent 3652ff073e c6dc6c7d1e
commit 4d6f45c5f0
7 changed files with 862 additions and 322 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
CHANGELOG.md
View File

@@ -1,3 +1,30 @@
## release-0.10 / 2021-12-17
* [CHANGE] Adjust node filesystem space filling up warning threshold to 20% [#1357](https://github.com/prometheus-operator/kube-prometheus/pull/1357)
* [CHANGE] Always generate grafana-config secret [#1373](https://github.com/prometheus-operator/kube-prometheus/pull/1373)
* [CHANGE] Make filesystem ignored mount points configurable for node-exporter [#1376](https://github.com/prometheus-operator/kube-prometheus/pull/1376)
* [CHANGE] Drop some high cardinality cAdvisor metrics [#1406](https://github.com/prometheus-operator/kube-prometheus/pull/1406), [#1396](https://github.com/prometheus-operator/kube-prometheus/pull/1396)
* [CHANGE] Use `--collector.filesystem.mount-points-exclude` instead of deprecated `--collector.filesystem.ignored-mount-points` argument for `node-exporter` [#1407](https://github.com/prometheus-operator/kube-prometheus/pull/1407)
* [CHANGE] Drop some of prometheus-adapter metrics that are inherited from the apiserver code but aren't useful in the context of prometheus-adapter [#1409](https://github.com/prometheus-operator/kube-prometheus/pull/1409)
* [CHANGE] Remove "app" label selector deprecated by Prometheus-operator [#1420](https://github.com/prometheus-operator/kube-prometheus/pull/1420)
* [CHANGE] Use recommended instance label for Prometheus/Alertmanager resources [#1520](https://github.com/prometheus-operator/kube-prometheus/pull/1520)
* [CHANGE] Drop deprecated apiserver_longrunning_gauge and apiserver_registered_watchers metrics [#1553](https://github.com/prometheus-operator/kube-prometheus/pull/1553)
* [CHANGE] Drop deprecated coredns_cache_misses_total [#1553](https://github.com/prometheus-operator/kube-prometheus/pull/1553)
* [ENHANCEMENT] Add support for LDAP authentication in Grafana [#1455](https://github.com/prometheus-operator/kube-prometheus/pull/1445)
* [ENHANCEMENT] Include rewritten kubernetes-grafana for easier usage of new library features [#1450](https://github.com/prometheus-operator/kube-prometheus/pull/1450)
* [ENHANCEMENT] Specify default container in node-exporter pod [#1462](https://github.com/prometheus-operator/kube-prometheus/pull/1462)
* [ENHANCEMENT] Make metadata consistent across objects in the same component [#1471](https://github.com/prometheus-operator/kube-prometheus/pull/1471)
* [ENHANCEMENT] Establish convention for default field types [#1475](https://github.com/prometheus-operator/kube-prometheus/pull/1475)
* [ENHANCEMENT] Exclude k3s containerd mountpoints [#1497](https://github.com/prometheus-operator/kube-prometheus/pull/1497)
* [ENHANCEMENT] Alertmanager now uses the new `matcher` syntax in the routing tree and inhibition rules [#1508](https://github.com/prometheus-operator/kube-prometheus/pull/1508)
* [ENHANCEMENT] Deprecate `thanosSelector` and expose `mixin._config.thanos` config variable for thanos sidecar [#1543](https://github.com/prometheus-operator/kube-prometheus/pull/1543)
* [FEATURE] Support scraping config-reloader sidecar for Prometheus and AlertManager StatefulSets [#1344](https://github.com/prometheus-operator/kube-prometheus/pull/1344)
* [FEATURE] Expose prometheus alerting configuration in $.values.prometheus configuration [#1476](https://github.com/prometheus-operator/kube-prometheus/pull/1476)
* [BUGFIX] Remove deprecated policy/v1beta1 Kubernetes API [#1433](https://github.com/prometheus-operator/kube-prometheus/pull/1433)
* [BUGFIX] Fix prometheus URL in prometheus-adapter [#1463](https://github.com/prometheus-operator/kube-prometheus/pull/1463)
* [BUGFIX] Always use proper values scope for namespace in addons [#1518](https://github.com/prometheus-operator/kube-prometheus/pull/1518)
* [BUGFIX] Fix default empty groups for k8s PrometheusRule [#1534](https://github.com/prometheus-operator/kube-prometheus/pull/1534)
## release-0.9 / 2021-08-19
* [CHANGE] Test against Kubernetes 1.21 and 1,22. #1161 #1337

14
README.md
View File

@@ -91,13 +91,13 @@ $ minikube addons disable metrics-server
The following versions are supported and work as we test against these versions in their respective branches. But note that other versions might work!
| kube-prometheus stack | Kubernetes 1.18 | Kubernetes 1.19 | Kubernetes 1.20 | Kubernetes 1.21 | Kubernetes 1.22 | Kubernetes 1.23 |
|------------------------------------------------------------------------------------------|-----------------|-----------------|-----------------|-----------------|-----------------|-----------------|
| [`release-0.6`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.6) | ✗ | ✔ | | ✗ | ✗ | ✗ |
| [`release-0.7`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.7) | ✗ | ✔ | ✔ | ✗ | ✗ | ✗ |
| [`release-0.8`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.8) | ✗ | ✗ | ✔ | ✔ | ✗ | ✗ |
| [`release-0.9`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.9) | ✗ | ✗ | ✗ | ✔ | ✔ | ✗ |
| [`main`](https://github.com/prometheus-operator/kube-prometheus/tree/main) | ✗ | ✗ | ✗ | ✗ | ✔ | ✔ |
| kube-prometheus stack | Kubernetes 1.19 | Kubernetes 1.20 | Kubernetes 1.21 | Kubernetes 1.22 | Kubernetes 1.23 |
|--------------------------------------------------------------------------------------------|-----------------|-----------------|-----------------|-----------------|-----------------|
| [`release-0.7`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.7) | ✔ | | ✗ | ✗ | ✗ |
| [`release-0.8`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.8) | ✗ | ✔ | ✔ | ✗ | ✗ |
| [`release-0.9`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.9) | ✗ | ✗ | ✔ | ✔ | ✗ |
| [`release-0.10`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.10) | ✗ | ✗ | ✗ | ✔ | ✔ |
| [`main`](https://github.com/prometheus-operator/kube-prometheus/tree/main) | ✗ | ✗ | ✗ | ✔ | ✔ |
## Quickstart

22
jsonnet/kube-prometheus/jsonnetfile.json
View File

@@ -8,7 +8,7 @@
"subdir": "grafana"
}
},
"version": "master"
"version": "199e363523104ff8b3a12483a4e3eca86372b078"
},
{
"source": {
@@ -17,7 +17,7 @@
"subdir": "contrib/mixin"
}
},
"version": "main"
"version": "release-3.5"
},
{
"source": {
@@ -26,7 +26,7 @@
"subdir": "jsonnet/prometheus-operator"
}
},
"version": "main"
"version": "release-0.53"
},
{
"source": {
@@ -35,7 +35,7 @@
"subdir": "jsonnet/mixin"
}
},
"version": "main",
"version": "release-0.53",
"name": "prometheus-operator-mixin"
},
{
@@ -45,7 +45,7 @@
"subdir": ""
}
},
"version": "master"
"version": "release-0.10"
},
{
"source": {
@@ -54,7 +54,7 @@
"subdir": "jsonnet/kube-state-metrics"
}
},
"version": "master"
"version": "release-2.3"
},
{
"source": {
@@ -63,7 +63,7 @@
"subdir": "jsonnet/kube-state-metrics-mixin"
}
},
"version": "master"
"version": "release-2.3"
},
{
"source": {
@@ -72,7 +72,7 @@
"subdir": "docs/node-mixin"
}
},
"version": "master"
"version": "release-1.3"
},
{
"source": {
@@ -81,7 +81,7 @@
"subdir": "documentation/prometheus-mixin"
}
},
"version": "main",
"version": "release-2.32",
"name": "prometheus"
},
{
@@ -91,7 +91,7 @@
"subdir": "doc/alertmanager-mixin"
}
},
"version": "main",
"version": "release-0.23",
"name": "alertmanager"
},
{
@@ -101,7 +101,7 @@
"subdir": "mixin"
}
},
"version": "main",
"version": "release-0.23",
"name": "thanos-mixin"
}
],

32
jsonnetfile.lock.json
View File

@@ -18,8 +18,8 @@
"subdir": "contrib/mixin"
}
},
"version": "29292aa7bdafaf65cb5e054591fe0ff07b36f5ee",
"sum": "cdKL5kPYfpWSpTCu4qctmh+gWQqL+4YWom6rw9qLYJU="
"version": "73080a716634f45d50d0593e0454ed3206a52f5b",
"sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc="
},
{
"source": {
@@ -38,7 +38,7 @@
"subdir": "grafana-builder"
}
},
"version": "b102f9ac7d1290ac025c2a7ac99f7fd9a9948503",
"version": "3f17cac91d85f4e79d00373e3a8e7ad82d9cefbf",
"sum": "0KkygBQd/AFzUvVzezE4qF/uDYgrwUXVpZfINBti0oc="
},
{
@@ -48,8 +48,8 @@
"subdir": ""
}
},
"version": "9821d07e94e9a9916575a234fb699ae3331fa939",
"sum": "xubNXyvDwUw9GZzi9BRb6ob3bYzfoMr5F5zCVn2d7ag="
"version": "b538a10c89508f8d12885680cca72a134d3127f5",
"sum": "GLt5T2k4RKg36Gfcaf9qlTfVumDitqotVD0ipz/bPJ4="
},
{
"source": {
@@ -58,7 +58,7 @@
"subdir": "lib/promgrafonnet"
}
},
"version": "9821d07e94e9a9916575a234fb699ae3331fa939",
"version": "fd913499e956da06f520c3784c59573ee552b152",
"sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps="
},
{
@@ -68,7 +68,7 @@
"subdir": "jsonnet/kube-state-metrics"
}
},
"version": "b761b5382bdd85d7af915516f48cba1c46859c1d",
"version": "b550d7a3bce031bdb51c4bf21cc992a785fc3188",
"sum": "U1wzIpTAtOvC1yj43Y8PfvT0JfvnAcMfNH12Wi+ab0Y="
},
{
@@ -78,7 +78,7 @@
"subdir": "jsonnet/kube-state-metrics-mixin"
}
},
"version": "b761b5382bdd85d7af915516f48cba1c46859c1d",
"version": "b550d7a3bce031bdb51c4bf21cc992a785fc3188",
"sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk="
},
{
@@ -88,7 +88,7 @@
"subdir": "jsonnet/mixin"
}
},
"version": "335ebbc2f6ecf10b699821fa8cebcbff4a718ca7",
"version": "1b4cc829251a4c129615efe707d9403c7248888e",
"sum": "qZ4WgiweaE6eeKtFK60QUjLO8sf2L9Q8fgafWvDcyfY=",
"name": "prometheus-operator-mixin"
},
@@ -99,8 +99,8 @@
"subdir": "jsonnet/prometheus-operator"
}
},
"version": "335ebbc2f6ecf10b699821fa8cebcbff4a718ca7",
"sum": "Vr2IY6Uz1lYYyGDF7QaEAVkJwAtOEikCfuXJN2eAUM0="
"version": "1b4cc829251a4c129615efe707d9403c7248888e",
"sum": "9R1mw4Tz0/1V1QWkJMzqE4+iXXONEfYVikW8Mj5AOcA="
},
{
"source": {
@@ -109,7 +109,7 @@
"subdir": "doc/alertmanager-mixin"
}
},
"version": "e2a10119aaf7777fa523d216e05897c5b719134c",
"version": "16fa045db47d68a09a102c7b80b8899c1f57c153",
"sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=",
"name": "alertmanager"
},
@@ -120,7 +120,7 @@
"subdir": "docs/node-mixin"
}
},
"version": "7dbf35891570f9ce3bccb25a55176ea4923b35dd",
"version": "a2321e7b940ddcff26873612bccdf7cd4c42b6b6",
"sum": "MlWDAKGZ+JArozRKdKEvewHeWn8j2DNBzesJfLVd0dk="
},
{
@@ -130,7 +130,7 @@
"subdir": "documentation/prometheus-mixin"
}
},
"version": "6f3e664ae712850b020d95c5c8b8a6ff841803bd",
"version": "67a64ee092b79e797ea9aa46856a15c435093c7e",
"sum": "ZjQoYhvgKwJNkg+h+m9lW3SYjnjv5Yx5btEipLhru88=",
"name": "prometheus"
},
@@ -141,8 +141,8 @@
"subdir": "mixin"
}
},
"version": "9a26b0edee19a06c6e99a09e33ebceca734c91f9",
"sum": "1Y1cPIeoPg2nCAEhKPCt8bAGuwuOP2eZ3kVF432mlMA=",
"version": "632032712f12eea0015aaef24ee1e14f38ef3e55",
"sum": "X+060DnePPeN/87fgj0SrfxVitywTk8hZA9V4nHxl1g=",
"name": "thanos-mixin"
},
{

363
manifests/setup/0alertmanagerCustomResourceDefinition.yaml
View File

@@ -1222,8 +1222,7 @@ spec:
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1284,9 +1283,10 @@ spec:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward compatibility.
There are no validation of this field and lifecycle
hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -1309,18 +1309,16 @@ spec:
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
crashes or exits. The reason for termination is passed
to the handler. The Pod''s termination grace period countdown
begins before the PreStop hooked is executed. Regardless
of the outcome of the handler, the container will eventually
terminate within the Pod''s termination grace period.
Other management of the container blocks until the hook
completes or until the termination grace period is reached.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
crashes or exits. The Pod''s termination grace period
countdown begins before the PreStop hook is executed.
Regardless of the outcome of the handler, the container
will eventually terminate within the Pod''s termination
grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until
the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1381,9 +1379,10 @@ spec:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward compatibility.
There are no validation of this field and lifecycle
hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -1408,8 +1407,7 @@ spec:
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1430,6 +1428,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -1493,9 +1510,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -1593,8 +1609,7 @@ spec:
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1615,6 +1630,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -1678,9 +1712,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -1761,12 +1794,14 @@ spec:
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
2) has CAP_SYS_ADMIN'
2) has CAP_SYS_ADMIN Note that this field cannot be set
when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
the container runtime.
the container runtime. Note that this field cannot be
set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -1786,25 +1821,29 @@ spec:
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
root on the host. Defaults to false.
root on the host. Defaults to false. Note that this field
cannot be set when spec.os.name is windows.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
feature flag to be enabled.
feature flag to be enabled. Note that this field cannot
be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
filesystem. Default is false.
filesystem. Default is false. Note that this field cannot
be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
takes precedence. Note that this field cannot be set when
spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -1822,7 +1861,8 @@ spec:
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
value specified in SecurityContext takes precedence. Note
that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -1831,7 +1871,8 @@ spec:
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
takes precedence. Note that this field cannot be set when
spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
@@ -1854,6 +1895,8 @@ spec:
description: The seccomp options to use by this container.
If seccomp options are provided at both the pod & container
level, the container options override the pod options.
Note that this field cannot be set when spec.os.name is
windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -1879,6 +1922,8 @@ spec:
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is
linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -1924,8 +1969,7 @@ spec:
This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1946,6 +1990,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -2009,9 +2072,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2416,8 +2478,7 @@ spec:
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2478,9 +2539,10 @@ spec:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward compatibility.
There are no validation of this field and lifecycle
hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -2503,18 +2565,16 @@ spec:
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
crashes or exits. The reason for termination is passed
to the handler. The Pod''s termination grace period countdown
begins before the PreStop hooked is executed. Regardless
of the outcome of the handler, the container will eventually
terminate within the Pod''s termination grace period.
Other management of the container blocks until the hook
completes or until the termination grace period is reached.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
crashes or exits. The Pod''s termination grace period
countdown begins before the PreStop hook is executed.
Regardless of the outcome of the handler, the container
will eventually terminate within the Pod''s termination
grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until
the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2575,9 +2635,10 @@ spec:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward compatibility.
There are no validation of this field and lifecycle
hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -2602,8 +2663,7 @@ spec:
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2624,6 +2684,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -2687,9 +2766,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2787,8 +2865,7 @@ spec:
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2809,6 +2886,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -2872,9 +2968,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2955,12 +3050,14 @@ spec:
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
2) has CAP_SYS_ADMIN'
2) has CAP_SYS_ADMIN Note that this field cannot be set
when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
the container runtime.
the container runtime. Note that this field cannot be
set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -2980,25 +3077,29 @@ spec:
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
root on the host. Defaults to false.
root on the host. Defaults to false. Note that this field
cannot be set when spec.os.name is windows.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
feature flag to be enabled.
feature flag to be enabled. Note that this field cannot
be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
filesystem. Default is false.
filesystem. Default is false. Note that this field cannot
be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
takes precedence. Note that this field cannot be set when
spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -3016,7 +3117,8 @@ spec:
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
value specified in SecurityContext takes precedence. Note
that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -3025,7 +3127,8 @@ spec:
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
takes precedence. Note that this field cannot be set when
spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
@@ -3048,6 +3151,8 @@ spec:
description: The seccomp options to use by this container.
If seccomp options are provided at both the pod & container
level, the container options override the pod options.
Note that this field cannot be set when spec.os.name is
windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -3073,6 +3178,8 @@ spec:
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is
linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -3118,8 +3225,7 @@ spec:
This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -3140,6 +3246,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -3203,9 +3328,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -3483,7 +3607,8 @@ spec:
set (new files created in the volume will be owned by FSGroup)
3. The permission bits are OR'd with rw-rw---- \n If unset,
the Kubelet will not modify the ownership and permissions of
any volume."
any volume. Note that this field cannot be set when spec.os.name
is windows."
format: int64
type: integer
fsGroupChangePolicy:
@@ -3493,13 +3618,15 @@ spec:
support fsGroup based ownership(and permissions). It will have
no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always".
If not specified, "Always" is used.'
If not specified, "Always" is used. Note that this field cannot
be set when spec.os.name is windows.'
type: string
runAsGroup:
description: The GID to run the entrypoint of the container process.
Uses runtime default if unset. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -3516,7 +3643,8 @@ spec:
Defaults to user specified in image metadata if unspecified.
May also be set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence for that container.
takes precedence for that container. Note that this field cannot
be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -3525,6 +3653,7 @@ spec:
SELinux context for each container. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
Note that this field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies to
@@ -3545,7 +3674,8 @@ spec:
type: object
seccompProfile:
description: The seccomp options to use by the containers in this
pod.
pod. Note that this field cannot be set when spec.os.name is
windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -3567,7 +3697,8 @@ spec:
supplementalGroups:
description: A list of groups applied to the first process run
in each container, in addition to the container's primary GID. If
unspecified, no groups will be added to any container.
unspecified, no groups will be added to any container. Note
that this field cannot be set when spec.os.name is windows.
items:
format: int64
type: integer
@@ -3575,7 +3706,8 @@ spec:
sysctls:
description: Sysctls hold a list of namespaced sysctls used for
the pod. Pods with unsupported sysctls (by the container runtime)
might fail to launch.
might fail to launch. Note that this field cannot be set when
spec.os.name is windows.
items:
description: Sysctl defines a kernel parameter to be set
properties:
@@ -3594,7 +3726,8 @@ spec:
description: The Windows specific settings applied to all containers.
If unspecified, the options within a container's SecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
the value specified in SecurityContext takes precedence. Note
that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -3789,7 +3922,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
the volume should have. If RecoverVolumeExpansionFailure
feature is enabled users are allowed to specify
resource requirements that are lower than previous
value but must still be higher than capacity recorded
in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -4004,7 +4141,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
the volume should have. If RecoverVolumeExpansionFailure
feature is enabled users are allowed to specify resource
requirements that are lower than previous value but
must still be higher than capacity recorded in the status
field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -4100,6 +4241,27 @@ spec:
items:
type: string
type: array
allocatedResources:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: The storage resource within AllocatedResources
tracks the capacity allocated to a PVC. It may be larger
than the actual capacity when a volume expansion operation
is requested. For storage quota, the larger value from
allocatedResources and PVC.spec.resources is used. If
allocatedResources is not set, PVC.spec.resources alone
is used for quota calculation. If a volume expansion
capacity request is lowered, allocatedResources is only
lowered if there are no expansion operations in progress
and if the actual volume capacity is equal or lower
than the requested capacity. This is an alpha field
and requires enabling RecoverVolumeExpansionFailure
feature.
type: object
capacity:
additionalProperties:
anyOf:
@@ -4152,6 +4314,13 @@ spec:
phase:
description: Phase represents the current phase of PersistentVolumeClaim.
type: string
resizeStatus:
description: ResizeStatus stores status of resize operation.
ResizeStatus is not set by default but when expansion
is complete resizeStatus is set to empty string by resize
controller or kubelet. This is an alpha field and requires
enabling RecoverVolumeExpansionFailure feature.
type: string
type: object
type: object
type: object
@@ -4284,7 +4453,7 @@ spec:
tells the scheduler to schedule the pod in any location, but
giving higher precedence to topologies that would help reduce
the skew. A constraint is considered "Unsatisfiable" for
an incoming pod if and only if every possible node assigment
an incoming pod if and only if every possible node assignment
for that pod would violate "MaxSkew" on some topology. For
example, in a 3-zone cluster, MaxSkew is set to 1, and pods
with the same labelSelector spread as 3/1/1: | zone1 | zone2
@@ -4747,9 +4916,7 @@ spec:
volumes if the CSI driver is meant to be used that way - see
the documentation of the driver for more information. \n A
pod can use both types of ephemeral volumes and persistent
volumes at the same time. \n This is a beta feature and only
available when the GenericEphemeralVolume feature gate is
enabled."
volumes at the same time."
properties:
volumeClaimTemplate:
description: "Will be used to create a stand-alone PVC to
@@ -4866,7 +5033,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
the volume should have. If RecoverVolumeExpansionFailure
feature is enabled users are allowed to specify
resource requirements that are lower than previous
value but must still be higher than capacity recorded
in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:

363
manifests/setup/0prometheusCustomResourceDefinition.yaml
View File

@@ -1636,8 +1636,7 @@ spec:
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1698,9 +1697,10 @@ spec:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward compatibility.
There are no validation of this field and lifecycle
hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -1723,18 +1723,16 @@ spec:
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
crashes or exits. The reason for termination is passed
to the handler. The Pod''s termination grace period countdown
begins before the PreStop hooked is executed. Regardless
of the outcome of the handler, the container will eventually
terminate within the Pod''s termination grace period.
Other management of the container blocks until the hook
completes or until the termination grace period is reached.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
crashes or exits. The Pod''s termination grace period
countdown begins before the PreStop hook is executed.
Regardless of the outcome of the handler, the container
will eventually terminate within the Pod''s termination
grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until
the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1795,9 +1793,10 @@ spec:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward compatibility.
There are no validation of this field and lifecycle
hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -1822,8 +1821,7 @@ spec:
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1844,6 +1842,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -1907,9 +1924,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2007,8 +2023,7 @@ spec:
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2029,6 +2044,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -2092,9 +2126,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2175,12 +2208,14 @@ spec:
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
2) has CAP_SYS_ADMIN'
2) has CAP_SYS_ADMIN Note that this field cannot be set
when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
the container runtime.
the container runtime. Note that this field cannot be
set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -2200,25 +2235,29 @@ spec:
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
root on the host. Defaults to false.
root on the host. Defaults to false. Note that this field
cannot be set when spec.os.name is windows.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
feature flag to be enabled.
feature flag to be enabled. Note that this field cannot
be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
filesystem. Default is false.
filesystem. Default is false. Note that this field cannot
be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
takes precedence. Note that this field cannot be set when
spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -2236,7 +2275,8 @@ spec:
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
value specified in SecurityContext takes precedence. Note
that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -2245,7 +2285,8 @@ spec:
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
takes precedence. Note that this field cannot be set when
spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
@@ -2268,6 +2309,8 @@ spec:
description: The seccomp options to use by this container.
If seccomp options are provided at both the pod & container
level, the container options override the pod options.
Note that this field cannot be set when spec.os.name is
windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -2293,6 +2336,8 @@ spec:
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is
linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -2338,8 +2383,7 @@ spec:
This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2360,6 +2404,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -2423,9 +2486,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2921,8 +2983,7 @@ spec:
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2983,9 +3044,10 @@ spec:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward compatibility.
There are no validation of this field and lifecycle
hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -3008,18 +3070,16 @@ spec:
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
crashes or exits. The reason for termination is passed
to the handler. The Pod''s termination grace period countdown
begins before the PreStop hooked is executed. Regardless
of the outcome of the handler, the container will eventually
terminate within the Pod''s termination grace period.
Other management of the container blocks until the hook
completes or until the termination grace period is reached.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
crashes or exits. The Pod''s termination grace period
countdown begins before the PreStop hook is executed.
Regardless of the outcome of the handler, the container
will eventually terminate within the Pod''s termination
grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until
the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -3080,9 +3140,10 @@ spec:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward compatibility.
There are no validation of this field and lifecycle
hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -3107,8 +3168,7 @@ spec:
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -3129,6 +3189,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -3192,9 +3271,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -3292,8 +3370,7 @@ spec:
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -3314,6 +3391,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -3377,9 +3473,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -3460,12 +3555,14 @@ spec:
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
2) has CAP_SYS_ADMIN'
2) has CAP_SYS_ADMIN Note that this field cannot be set
when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
the container runtime.
the container runtime. Note that this field cannot be
set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -3485,25 +3582,29 @@ spec:
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
root on the host. Defaults to false.
root on the host. Defaults to false. Note that this field
cannot be set when spec.os.name is windows.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
feature flag to be enabled.
feature flag to be enabled. Note that this field cannot
be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
filesystem. Default is false.
filesystem. Default is false. Note that this field cannot
be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
takes precedence. Note that this field cannot be set when
spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -3521,7 +3622,8 @@ spec:
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
value specified in SecurityContext takes precedence. Note
that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -3530,7 +3632,8 @@ spec:
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
takes precedence. Note that this field cannot be set when
spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
@@ -3553,6 +3656,8 @@ spec:
description: The seccomp options to use by this container.
If seccomp options are provided at both the pod & container
level, the container options override the pod options.
Note that this field cannot be set when spec.os.name is
windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -3578,6 +3683,8 @@ spec:
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is
linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -3623,8 +3730,7 @@ spec:
This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -3645,6 +3751,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -3708,9 +3833,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -5182,7 +5306,8 @@ spec:
set (new files created in the volume will be owned by FSGroup)
3. The permission bits are OR'd with rw-rw---- \n If unset,
the Kubelet will not modify the ownership and permissions of
any volume."
any volume. Note that this field cannot be set when spec.os.name
is windows."
format: int64
type: integer
fsGroupChangePolicy:
@@ -5192,13 +5317,15 @@ spec:
support fsGroup based ownership(and permissions). It will have
no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always".
If not specified, "Always" is used.'
If not specified, "Always" is used. Note that this field cannot
be set when spec.os.name is windows.'
type: string
runAsGroup:
description: The GID to run the entrypoint of the container process.
Uses runtime default if unset. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -5215,7 +5342,8 @@ spec:
Defaults to user specified in image metadata if unspecified.
May also be set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence for that container.
takes precedence for that container. Note that this field cannot
be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -5224,6 +5352,7 @@ spec:
SELinux context for each container. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
Note that this field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies to
@@ -5244,7 +5373,8 @@ spec:
type: object
seccompProfile:
description: The seccomp options to use by the containers in this
pod.
pod. Note that this field cannot be set when spec.os.name is
windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -5266,7 +5396,8 @@ spec:
supplementalGroups:
description: A list of groups applied to the first process run
in each container, in addition to the container's primary GID. If
unspecified, no groups will be added to any container.
unspecified, no groups will be added to any container. Note
that this field cannot be set when spec.os.name is windows.
items:
format: int64
type: integer
@@ -5274,7 +5405,8 @@ spec:
sysctls:
description: Sysctls hold a list of namespaced sysctls used for
the pod. Pods with unsupported sysctls (by the container runtime)
might fail to launch.
might fail to launch. Note that this field cannot be set when
spec.os.name is windows.
items:
description: Sysctl defines a kernel parameter to be set
properties:
@@ -5293,7 +5425,8 @@ spec:
description: The Windows specific settings applied to all containers.
If unspecified, the options within a container's SecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
the value specified in SecurityContext takes precedence. Note
that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -5589,7 +5722,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
the volume should have. If RecoverVolumeExpansionFailure
feature is enabled users are allowed to specify
resource requirements that are lower than previous
value but must still be higher than capacity recorded
in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -5804,7 +5941,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
the volume should have. If RecoverVolumeExpansionFailure
feature is enabled users are allowed to specify resource
requirements that are lower than previous value but
must still be higher than capacity recorded in the status
field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -5900,6 +6041,27 @@ spec:
items:
type: string
type: array
allocatedResources:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: The storage resource within AllocatedResources
tracks the capacity allocated to a PVC. It may be larger
than the actual capacity when a volume expansion operation
is requested. For storage quota, the larger value from
allocatedResources and PVC.spec.resources is used. If
allocatedResources is not set, PVC.spec.resources alone
is used for quota calculation. If a volume expansion
capacity request is lowered, allocatedResources is only
lowered if there are no expansion operations in progress
and if the actual volume capacity is equal or lower
than the requested capacity. This is an alpha field
and requires enabling RecoverVolumeExpansionFailure
feature.
type: object
capacity:
additionalProperties:
anyOf:
@@ -5952,6 +6114,13 @@ spec:
phase:
description: Phase represents the current phase of PersistentVolumeClaim.
type: string
resizeStatus:
description: ResizeStatus stores status of resize operation.
ResizeStatus is not set by default but when expansion
is complete resizeStatus is set to empty string by resize
controller or kubelet. This is an alpha field and requires
enabling RecoverVolumeExpansionFailure feature.
type: string
type: object
type: object
type: object
@@ -6389,7 +6558,7 @@ spec:
tells the scheduler to schedule the pod in any location, but
giving higher precedence to topologies that would help reduce
the skew. A constraint is considered "Unsatisfiable" for
an incoming pod if and only if every possible node assigment
an incoming pod if and only if every possible node assignment
for that pod would violate "MaxSkew" on some topology. For
example, in a 3-zone cluster, MaxSkew is set to 1, and pods
with the same labelSelector spread as 3/1/1: | zone1 | zone2
@@ -6852,9 +7021,7 @@ spec:
volumes if the CSI driver is meant to be used that way - see
the documentation of the driver for more information. \n A
pod can use both types of ephemeral volumes and persistent
volumes at the same time. \n This is a beta feature and only
available when the GenericEphemeralVolume feature gate is
enabled."
volumes at the same time."
properties:
volumeClaimTemplate:
description: "Will be used to create a stand-alone PVC to
@@ -6971,7 +7138,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
the volume should have. If RecoverVolumeExpansionFailure
feature is enabled users are allowed to specify
resource requirements that are lower than previous
value but must still be higher than capacity recorded
in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:

363
manifests/setup/0thanosrulerCustomResourceDefinition.yaml
View File

@@ -1149,8 +1149,7 @@ spec:
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1211,9 +1210,10 @@ spec:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward compatibility.
There are no validation of this field and lifecycle
hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -1236,18 +1236,16 @@ spec:
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
crashes or exits. The reason for termination is passed
to the handler. The Pod''s termination grace period countdown
begins before the PreStop hooked is executed. Regardless
of the outcome of the handler, the container will eventually
terminate within the Pod''s termination grace period.
Other management of the container blocks until the hook
completes or until the termination grace period is reached.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
crashes or exits. The Pod''s termination grace period
countdown begins before the PreStop hook is executed.
Regardless of the outcome of the handler, the container
will eventually terminate within the Pod''s termination
grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until
the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1308,9 +1306,10 @@ spec:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward compatibility.
There are no validation of this field and lifecycle
hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -1335,8 +1334,7 @@ spec:
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1357,6 +1355,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -1420,9 +1437,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -1520,8 +1536,7 @@ spec:
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1542,6 +1557,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -1605,9 +1639,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -1688,12 +1721,14 @@ spec:
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
2) has CAP_SYS_ADMIN'
2) has CAP_SYS_ADMIN Note that this field cannot be set
when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
the container runtime.
the container runtime. Note that this field cannot be
set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -1713,25 +1748,29 @@ spec:
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
root on the host. Defaults to false.
root on the host. Defaults to false. Note that this field
cannot be set when spec.os.name is windows.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
feature flag to be enabled.
feature flag to be enabled. Note that this field cannot
be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
filesystem. Default is false.
filesystem. Default is false. Note that this field cannot
be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
takes precedence. Note that this field cannot be set when
spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -1749,7 +1788,8 @@ spec:
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
value specified in SecurityContext takes precedence. Note
that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -1758,7 +1798,8 @@ spec:
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
takes precedence. Note that this field cannot be set when
spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
@@ -1781,6 +1822,8 @@ spec:
description: The seccomp options to use by this container.
If seccomp options are provided at both the pod & container
level, the container options override the pod options.
Note that this field cannot be set when spec.os.name is
windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -1806,6 +1849,8 @@ spec:
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is
linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -1851,8 +1896,7 @@ spec:
This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -1873,6 +1917,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -1936,9 +1999,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2462,8 +2524,7 @@ spec:
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2524,9 +2585,10 @@ spec:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward compatibility.
There are no validation of this field and lifecycle
hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -2549,18 +2611,16 @@ spec:
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
crashes or exits. The reason for termination is passed
to the handler. The Pod''s termination grace period countdown
begins before the PreStop hooked is executed. Regardless
of the outcome of the handler, the container will eventually
terminate within the Pod''s termination grace period.
Other management of the container blocks until the hook
completes or until the termination grace period is reached.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
crashes or exits. The Pod''s termination grace period
countdown begins before the PreStop hook is executed.
Regardless of the outcome of the handler, the container
will eventually terminate within the Pod''s termination
grace period (unless delayed by finalizers). Other management
of the container blocks until the hook completes or until
the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2621,9 +2681,10 @@ spec:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: Deprecated. TCPSocket is NOT supported
as a LifecycleHandler and kept for the backward compatibility.
There are no validation of this field and lifecycle
hooks will fail in runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -2648,8 +2709,7 @@ spec:
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2670,6 +2730,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -2733,9 +2812,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2833,8 +2911,7 @@ spec:
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2855,6 +2932,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -2918,9 +3014,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -3001,12 +3096,14 @@ spec:
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
2) has CAP_SYS_ADMIN'
2) has CAP_SYS_ADMIN Note that this field cannot be set
when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
the container runtime.
the container runtime. Note that this field cannot be
set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -3026,25 +3123,29 @@ spec:
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
root on the host. Defaults to false.
root on the host. Defaults to false. Note that this field
cannot be set when spec.os.name is windows.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
feature flag to be enabled.
feature flag to be enabled. Note that this field cannot
be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
filesystem. Default is false.
filesystem. Default is false. Note that this field cannot
be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
takes precedence. Note that this field cannot be set when
spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -3062,7 +3163,8 @@ spec:
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
value specified in SecurityContext takes precedence. Note
that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -3071,7 +3173,8 @@ spec:
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
takes precedence. Note that this field cannot be set when
spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
@@ -3094,6 +3197,8 @@ spec:
description: The seccomp options to use by this container.
If seccomp options are provided at both the pod & container
level, the container options override the pod options.
Note that this field cannot be set when spec.os.name is
windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -3119,6 +3224,8 @@ spec:
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is
linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -3164,8 +3271,7 @@ spec:
This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -3186,6 +3292,25 @@ spec:
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action involving a GRPC port.
This is an alpha field and requires enabling GRPCContainerProbe
feature gate.
properties:
port:
description: Port number of the gRPC service. Number
must be in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name of the service to
place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified, the default behavior
is defined by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -3249,9 +3374,8 @@ spec:
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
description: TCPSocket specifies an action involving a TCP
port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -3685,7 +3809,8 @@ spec:
set (new files created in the volume will be owned by FSGroup)
3. The permission bits are OR'd with rw-rw---- \n If unset,
the Kubelet will not modify the ownership and permissions of
any volume."
any volume. Note that this field cannot be set when spec.os.name
is windows."
format: int64
type: integer
fsGroupChangePolicy:
@@ -3695,13 +3820,15 @@ spec:
support fsGroup based ownership(and permissions). It will have
no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always".
If not specified, "Always" is used.'
If not specified, "Always" is used. Note that this field cannot
be set when spec.os.name is windows.'
type: string
runAsGroup:
description: The GID to run the entrypoint of the container process.
Uses runtime default if unset. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -3718,7 +3845,8 @@ spec:
Defaults to user specified in image metadata if unspecified.
May also be set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence for that container.
takes precedence for that container. Note that this field cannot
be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -3727,6 +3855,7 @@ spec:
SELinux context for each container. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
Note that this field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies to
@@ -3747,7 +3876,8 @@ spec:
type: object
seccompProfile:
description: The seccomp options to use by the containers in this
pod.
pod. Note that this field cannot be set when spec.os.name is
windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
@@ -3769,7 +3899,8 @@ spec:
supplementalGroups:
description: A list of groups applied to the first process run
in each container, in addition to the container's primary GID. If
unspecified, no groups will be added to any container.
unspecified, no groups will be added to any container. Note
that this field cannot be set when spec.os.name is windows.
items:
format: int64
type: integer
@@ -3777,7 +3908,8 @@ spec:
sysctls:
description: Sysctls hold a list of namespaced sysctls used for
the pod. Pods with unsupported sysctls (by the container runtime)
might fail to launch.
might fail to launch. Note that this field cannot be set when
spec.os.name is windows.
items:
description: Sysctl defines a kernel parameter to be set
properties:
@@ -3796,7 +3928,8 @@ spec:
description: The Windows specific settings applied to all containers.
If unspecified, the options within a container's SecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
the value specified in SecurityContext takes precedence. Note
that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
@@ -3983,7 +4116,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
the volume should have. If RecoverVolumeExpansionFailure
feature is enabled users are allowed to specify
resource requirements that are lower than previous
value but must still be higher than capacity recorded
in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -4198,7 +4335,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
the volume should have. If RecoverVolumeExpansionFailure
feature is enabled users are allowed to specify resource
requirements that are lower than previous value but
must still be higher than capacity recorded in the status
field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -4294,6 +4435,27 @@ spec:
items:
type: string
type: array
allocatedResources:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: The storage resource within AllocatedResources
tracks the capacity allocated to a PVC. It may be larger
than the actual capacity when a volume expansion operation
is requested. For storage quota, the larger value from
allocatedResources and PVC.spec.resources is used. If
allocatedResources is not set, PVC.spec.resources alone
is used for quota calculation. If a volume expansion
capacity request is lowered, allocatedResources is only
lowered if there are no expansion operations in progress
and if the actual volume capacity is equal or lower
than the requested capacity. This is an alpha field
and requires enabling RecoverVolumeExpansionFailure
feature.
type: object
capacity:
additionalProperties:
anyOf:
@@ -4346,6 +4508,13 @@ spec:
phase:
description: Phase represents the current phase of PersistentVolumeClaim.
type: string
resizeStatus:
description: ResizeStatus stores status of resize operation.
ResizeStatus is not set by default but when expansion
is complete resizeStatus is set to empty string by resize
controller or kubelet. This is an alpha field and requires
enabling RecoverVolumeExpansionFailure feature.
type: string
type: object
type: object
type: object
@@ -4472,7 +4641,7 @@ spec:
tells the scheduler to schedule the pod in any location, but
giving higher precedence to topologies that would help reduce
the skew. A constraint is considered "Unsatisfiable" for
an incoming pod if and only if every possible node assigment
an incoming pod if and only if every possible node assignment
for that pod would violate "MaxSkew" on some topology. For
example, in a 3-zone cluster, MaxSkew is set to 1, and pods
with the same labelSelector spread as 3/1/1: | zone1 | zone2
@@ -4909,9 +5078,7 @@ spec:
volumes if the CSI driver is meant to be used that way - see
the documentation of the driver for more information. \n A
pod can use both types of ephemeral volumes and persistent
volumes at the same time. \n This is a beta feature and only
available when the GenericEphemeralVolume feature gate is
enabled."
volumes at the same time."
properties:
volumeClaimTemplate:
description: "Will be used to create a stand-alone PVC to
@@ -5028,7 +5195,11 @@ spec:
type: object
resources:
description: 'Resources represents the minimum resources
the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
the volume should have. If RecoverVolumeExpansionFailure
feature is enabled users are allowed to specify
resource requirements that are lower than previous
value but must still be higher than capacity recorded
in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties: