blob: 9382f383b9f2ba632039ff8fb12e8a0350366e73 [file] [log] [blame]
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
name: jenkins.jenkins.io
spec:
group: jenkins.io
names:
kind: Jenkins
listKind: JenkinsList
plural: jenkins
singular: jenkins
scope: Namespaced
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: Jenkins is the Schema for the jenkins API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec defines the desired state of the Jenkins
properties:
backup:
description: 'Backup defines configuration of Jenkins backup More
info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/'
properties:
action:
description: Action defines action which performs backup in backup
container sidecar
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute inside
the container, the working directory for the command is
root ('/') in the container's filesystem. The command
is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell,
you need to explicitly call out to that shell. Exit
status of 0 is treated as live/healthy and non-zero
is unhealthy.
items:
type: string
type: array
type: object
type: object
containerName:
description: ContainerName is the container name responsible for
backup operation
type: string
interval:
description: Interval tells how often make backup in seconds Defaults
to 30.
format: int64
type: integer
makeBackupBeforePodDeletion:
description: MakeBackupBeforePodDeletion tells operator to make
backup before Jenkins master pod deletion
type: boolean
required:
- action
- containerName
- interval
- makeBackupBeforePodDeletion
type: object
configurationAsCode:
description: ConfigurationAsCode defines configuration of Jenkins
customization via Configuration as Code Jenkins plugin
properties:
configurations:
items:
description: ConfigMapRef is reference to Kubernetes ConfigMap.
properties:
name:
type: string
required:
- name
type: object
type: array
secret:
description: SecretRef is reference to Kubernetes secret.
properties:
name:
type: string
required:
- name
type: object
required:
- configurations
- secret
type: object
groovyScripts:
description: GroovyScripts defines configuration of Jenkins customization
via groovy scripts
properties:
configurations:
items:
description: ConfigMapRef is reference to Kubernetes ConfigMap.
properties:
name:
type: string
required:
- name
type: object
type: array
secret:
description: SecretRef is reference to Kubernetes secret.
properties:
name:
type: string
required:
- name
type: object
required:
- configurations
- secret
type: object
jenkinsAPISettings:
description: JenkinsAPISettings defines configuration used by the
operator to gain admin access to the Jenkins API
properties:
authorizationStrategy:
description: AuthorizationStrategy defines authorization strategy
of the operator for the Jenkins API
type: string
required:
- authorizationStrategy
type: object
master:
description: Master represents Jenkins master pod properties and Jenkins
plugins. Every single change here requires a pod restart.
properties:
annotations:
additionalProperties:
type: string
description: 'Annotations is an unstructured key value map stored
with a resource that may be set by external tools to store and
retrieve arbitrary metadata. They are not queryable and should
be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
type: object
basePlugins:
description: 'BasePlugins contains plugins required by operator
Defaults to : - name: kubernetes version: "1.29.6" - name: workflow-job
version: "2.41" - name: workflow-aggregator version: "2.6" -
name: git version: "4.7.2" - name: job-dsl version: "1.77" -
name: configuration-as-code version: "1.51" - name: kubernetes-credentials-provider
version: "0.18-1"'
items:
description: Plugin defines Jenkins plugin.
properties:
downloadURL:
description: DownloadURL is the custom url from where plugin
has to be downloaded.
type: string
name:
description: Name is the name of Jenkins plugin
type: string
version:
description: Version is the version of Jenkins plugin
type: string
required:
- name
- version
type: object
type: array
containers:
description: 'List of containers belonging to the pod. Containers
cannot currently be added or removed. There must be at least
one container in a Pod. Defaults to: - image: jenkins/jenkins:lts imagePullPolicy:
Always livenessProbe: failureThreshold: 12 httpGet: path:
/login port: http scheme: HTTP initialDelaySeconds:
80 periodSeconds: 10 successThreshold: 1 timeoutSeconds:
5 name: jenkins-master readinessProbe: failureThreshold:
3 httpGet: path: /login port: http scheme:
HTTP initialDelaySeconds: 30 periodSeconds: 10 successThreshold:
1 timeoutSeconds: 1 resources: limits: cpu:
1500m memory: 3Gi requests: cpu: "1" memory:
600Mi'
items:
description: Container defines Kubernetes container attributes.
properties:
args:
description: 'Arguments to the entrypoint. The docker image''s
CMD is used if this is not provided. Variable references
$(VAR_NAME) are expanded using the container''s environment.
If a variable cannot be resolved, the reference in the
input string will be unchanged. The $(VAR_NAME) syntax
can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
references will never be expanded, regardless of whether
the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within a shell.
The docker image''s ENTRYPOINT is used if this is not
provided. Variable references $(VAR_NAME) are expanded
using the container''s environment. If a variable cannot
be resolved, the reference in the input string will be
unchanged. The $(VAR_NAME) syntax can be escaped with
a double $$, ie: $$(VAR_NAME). Escaped references will
never be expanded, regardless of whether the variable
exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
env:
description: List of environment variables to set in the
container.
items:
description: EnvVar represents an environment variable
present in a Container.
properties:
name:
description: Name of the environment variable. Must
be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are
expanded using the previous defined environment
variables in the container and any service environment
variables. If a variable cannot be resolved, the
reference in the input string will be unchanged.
The $(VAR_NAME) syntax can be escaped with a double
$$, ie: $$(VAR_NAME). Escaped references will never
be expanded, regardless of whether the variable
exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's
value. Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in
the specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required for
volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of
the exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the
pod's namespace
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
envFrom:
description: List of sources to populate environment variables
in the container. The keys defined within a source must
be a C_IDENTIFIER. All invalid keys will be reported as
an event when the container is starting. When a key exists
in multiple sources, the value associated with the last
source will take precedence. Values defined by an Env
with a duplicate key will take precedence.
items:
description: EnvFromSource represents the source of a
set of ConfigMaps
properties:
configMapRef:
description: The ConfigMap to select from
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap must
be defined
type: boolean
type: object
prefix:
description: An optional identifier to prepend to
each key in the ConfigMap. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret must be
defined
type: boolean
type: object
type: object
type: array
image:
description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images'
type: string
imagePullPolicy:
description: Image pull policy. One of Always, Never, IfNotPresent.
Defaults to Always.
type: string
lifecycle:
description: Actions that the management system should take
in response to container lifecycle events.
properties:
postStart:
description: 'PostStart is called immediately after
a container is created. If the handler fails, the
container is terminated and restarted according to
its restart policy. Other management of the container
blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to
execute inside the container, the working
directory for the command is root ('/') in
the container's filesystem. The command is
simply exec'd, it is not run inside a shell,
so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is
treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP. You probably want to set "Host"
in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO:
implement a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
preStop:
description: 'PreStop is called immediately before a
container is terminated due to an API request or management
event such as liveness/startup probe failure, preemption,
resource contention, etc. The handler is not called
if the container crashes or exits. The reason for
termination is passed to the handler. The Pod''s termination
grace period countdown begins before the PreStop hooked
is executed. Regardless of the outcome of the handler,
the container will eventually terminate within the
Pod''s termination grace period. Other management
of the container blocks until the hook completes or
until the termination grace period is reached. More
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to
execute inside the container, the working
directory for the command is root ('/') in
the container's filesystem. The command is
simply exec'd, it is not run inside a shell,
so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is
treated as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP. You probably want to set "Host"
in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO:
implement a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
type: object
livenessProbe:
description: Periodic probe of container liveness. Container
will be restarted if the probe fails.
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for
the command is root ('/') in the container's
filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions
('|', etc) won't work. To use a shell, you need
to explicitly call out to that shell. Exit status
of 0 is treated as live/healthy and non-zero is
unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to
the pod IP. You probably want to set "Host" in
httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the
host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container
has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum
value is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to,
defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value is
1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
name:
description: Name of the container specified as a DNS_LABEL.
Each container in a pod must have a unique name (DNS_LABEL).
type: string
ports:
description: List of ports to expose from the container.
Exposing a port here gives the system additional information
about the network connections a container uses, but is
primarily informational. Not specifying a port here DOES
NOT prevent that port from being exposed. Any port which
is listening on the default "0.0.0.0" address inside a
container will be accessible from the network.
items:
description: ContainerPort represents a network port in
a single container.
properties:
containerPort:
description: Number of port to expose on the pod's
IP address. This must be a valid port number, 0
< x < 65536.
format: int32
type: integer
hostIP:
description: What host IP to bind the external port
to.
type: string
hostPort:
description: Number of port to expose on the host.
If specified, this must be a valid port number,
0 < x < 65536. If HostNetwork is specified, this
must match ContainerPort. Most containers do not
need this.
format: int32
type: integer
name:
description: If specified, this must be an IANA_SVC_NAME
and unique within the pod. Each named port in a
pod must have a unique name. Name for the port that
can be referred to by services.
type: string
protocol:
default: TCP
description: Protocol for port. Must be UDP, TCP,
or SCTP. Defaults to "TCP".
type: string
required:
- containerPort
type: object
type: array
readinessProbe:
description: Periodic probe of container service readiness.
Container will be removed from service endpoints if the
probe fails.
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for
the command is root ('/') in the container's
filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions
('|', etc) won't work. To use a shell, you need
to explicitly call out to that shell. Exit status
of 0 is treated as live/healthy and non-zero is
unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to
the pod IP. You probably want to set "Host" in
httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the
host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container
has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum
value is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to,
defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value is
1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
resources:
description: 'Compute Resources required by this container.
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of
compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount
of compute resources required. If Requests is omitted
for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
securityContext:
description: 'Security options the pod should run with.
More info: https://kubernetes.io/docs/concepts/policy/security-context/
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls whether
a process can gain more privileges than its parent
process. This bool directly controls if the no_new_privs
flag will be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
2) has CAP_SYS_ADMIN'
type: boolean
capabilities:
description: The capabilities to add/drop when running
containers. Defaults to the default set of capabilities
granted by the container runtime.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
type: object
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent
to root on the host. Defaults to false.
type: boolean
procMount:
description: procMount denotes the type of proc mount
to use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
feature flag to be enabled.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only
root filesystem. Default is false.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run as
a non-root user. If true, the Kubelet will validate
the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if
it does. If unset or false, no such validation will
be performed. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the container
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to the
container. If unspecified, the container runtime will
allocate a random SELinux context for each container. May
also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence.
properties:
level:
description: Level is SELinux level label that applies
to the container.
type: string
role:
description: Role is a SELinux role label that applies
to the container.
type: string
type:
description: Type is a SELinux type label that applies
to the container.
type: string
user:
description: User is a SELinux user label that applies
to the container.
type: string
type: object
seccompProfile:
description: The seccomp options to use by this container.
If seccomp options are provided at both the pod &
container level, the container options override the
pod options.
properties:
localhostProfile:
description: localhostProfile indicates a profile
defined in a file on the node should be used.
The profile must be preconfigured on the node
to work. Must be a descending path, relative to
the kubelet's configured seccomp profile location.
Must only be set if type is "Localhost".
type: string
type:
description: "type indicates which kind of seccomp
profile will be applied. Valid options are: \n
Localhost - a profile defined in a file on the
node should be used. RuntimeDefault - the container
runtime default profile should be used. Unconfined
- no profile should be applied."
type: string
required:
- type
type: object
windowsOptions:
description: The Windows specific settings applied to
all containers. If unspecified, the options from the
PodSecurityContext will be used. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA
admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential spec
named by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
runAsUserName:
description: The UserName in Windows to run the
entrypoint of the container process. Defaults
to the user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
type: string
type: object
type: object
volumeMounts:
description: Pod volumes to mount into the container's filesystem.
items:
description: VolumeMount describes a mounting of a Volume
within a container.
properties:
mountPath:
description: Path within the container at which the
volume should be mounted. Must not contain ':'.
type: string
mountPropagation:
description: mountPropagation determines how mounts
are propagated from the host to container and the
other way around. When not set, MountPropagationNone
is used. This field is beta in 1.10.
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: Mounted read-only if true, read-write
otherwise (false or unspecified). Defaults to false.
type: boolean
subPath:
description: Path within the volume from which the
container's volume should be mounted. Defaults to
"" (volume's root).
type: string
subPathExpr:
description: Expanded path within the volume from
which the container's volume should be mounted.
Behaves similarly to SubPath but environment variable
references $(VAR_NAME) are expanded using the container's
environment. Defaults to "" (volume's root). SubPathExpr
and SubPath are mutually exclusive.
type: string
required:
- mountPath
- name
type: object
type: array
workingDir:
description: Container's working directory. If not specified,
the container runtime's default will be used, which might
be configured in the container image.
type: string
required:
- image
- imagePullPolicy
- name
- resources
type: object
type: array
disableCSRFProtection:
description: DisableCSRFProtection allows you to toggle CSRF Protection
on Jenkins
type: boolean
imagePullSecrets:
description: 'ImagePullSecrets is an optional list of references
to secrets in the same namespace to use for pulling any of the
images used by this PodSpec. If specified, these secrets will
be passed to individual puller implementations for them to use.
For example, in the case of docker, only DockerConfig type secrets
are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
items:
description: LocalObjectReference contains enough information
to let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
type: array
labels:
additionalProperties:
type: string
description: 'Map of string keys and values that can be used to
organize and categorize (scope and select) objects. May match
selectors of replication controllers and services. More info:
http://kubernetes.io/docs/user-guide/labels'
type: object
nodeSelector:
additionalProperties:
type: string
description: 'NodeSelector is a selector which must be true for
the pod to fit on a node. Selector which must match a node''s
labels for the pod to be scheduled on that node. More info:
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
type: object
plugins:
description: Plugins contains plugins required by user
items:
description: Plugin defines Jenkins plugin.
properties:
downloadURL:
description: DownloadURL is the custom url from where plugin
has to be downloaded.
type: string
name:
description: Name is the name of Jenkins plugin
type: string
version:
description: Version is the version of Jenkins plugin
type: string
required:
- name
- version
type: object
type: array
priorityClassName:
description: PriorityClassName for Jenkins master pod
type: string
securityContext:
description: 'SecurityContext that applies to all the containers
of the Jenkins Master. As per kubernetes specification, it can
be overridden for each container individually. Defaults to:
runAsUser: 1000 fsGroup: 1000'
properties:
fsGroup:
description: "A special supplemental group that applies to
all containers in a pod. Some volume types allow the Kubelet
to change the ownership of that volume to be owned by the
pod: \n 1. The owning GID will be the FSGroup 2. The setgid
bit is set (new files created in the volume will be owned
by FSGroup) 3. The permission bits are OR'd with rw-rw----
\n If unset, the Kubelet will not modify the ownership and
permissions of any volume."
format: int64
type: integer
fsGroupChangePolicy:
description: 'fsGroupChangePolicy defines behavior of changing
ownership and permission of the volume before being exposed
inside Pod. This field will only apply to volume types which
support fsGroup based ownership(and permissions). It will
have no effect on ephemeral volume types such as: secret,
configmaps and emptydir. Valid values are "OnRootMismatch"
and "Always". If not specified, "Always" is used.'
type: string
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in SecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext
takes precedence for that container.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run as a non-root
user. If true, the Kubelet will validate the image at runtime
to ensure that it does not run as UID 0 (root) and fail
to start the container if it does. If unset or false, no
such validation will be performed. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the container
process. Defaults to user specified in image metadata if
unspecified. May also be set in SecurityContext. If set
in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to all containers.
If unspecified, the container runtime will allocate a random
SELinux context for each container. May also be set in
SecurityContext. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence
for that container.
properties:
level:
description: Level is SELinux level label that applies
to the container.
type: string
role:
description: Role is a SELinux role label that applies
to the container.
type: string
type:
description: Type is a SELinux type label that applies
to the container.
type: string
user:
description: User is a SELinux user label that applies
to the container.
type: string
type: object
seccompProfile:
description: The seccomp options to use by the containers
in this pod.
properties:
localhostProfile:
description: localhostProfile indicates a profile defined
in a file on the node should be used. The profile must
be preconfigured on the node to work. Must be a descending
path, relative to the kubelet's configured seccomp profile
location. Must only be set if type is "Localhost".
type: string
type:
description: "type indicates which kind of seccomp profile
will be applied. Valid options are: \n Localhost - a
profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile
should be used. Unconfined - no profile should be applied."
type: string
required:
- type
type: object
supplementalGroups:
description: A list of groups applied to the first process
run in each container, in addition to the container's primary
GID. If unspecified, no groups will be added to any container.
items:
format: int64
type: integer
type: array
sysctls:
description: Sysctls hold a list of namespaced sysctls used
for the pod. Pods with unsupported sysctls (by the container
runtime) might fail to launch.
items:
description: Sysctl defines a kernel parameter to be set
properties:
name:
description: Name of a property to set
type: string
value:
description: Value of a property to set
type: string
required:
- name
- value
type: object
type: array
windowsOptions:
description: The Windows specific settings applied to all
containers. If unspecified, the options within a container's
SecurityContext will be used. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential spec named
by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of the
GMSA credential spec to use.
type: string
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
in image metadata if unspecified. May also be set in
PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext
takes precedence.
type: string
type: object
type: object
tolerations:
description: If specified, the pod's tolerations.
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
type: string
type: object
type: array
volumes:
description: 'List of volumes that can be mounted by containers
belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
items:
description: Volume represents a named volume in a pod that
may be accessed by any container in the pod.
properties:
awsElasticBlockStore:
description: 'AWSElasticBlockStore represents an AWS Disk
resource that is attached to a kubelet''s host machine
and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
properties:
fsType:
description: 'Filesystem type of the volume that you
want to mount. Tip: Ensure that the filesystem type
is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
partition:
description: 'The partition in the volume that you want
to mount. If omitted, the default is to mount by volume
name. Examples: For volume /dev/sda1, you specify
the partition as "1". Similarly, the volume partition
for /dev/sda is "0" (or you can leave the property
empty).'
format: int32
type: integer
readOnly:
description: 'Specify "true" to force and set the ReadOnly
property in VolumeMounts to "true". If omitted, the
default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: boolean
volumeID:
description: 'Unique ID of the persistent disk resource
in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: string
required:
- volumeID
type: object
azureDisk:
description: AzureDisk represents an Azure Data Disk mount
on the host and bind mount to the pod.
properties:
cachingMode:
description: 'Host Caching mode: None, Read Only, Read
Write.'
type: string
diskName:
description: The Name of the data disk in the blob storage
type: string
diskURI:
description: The URI the data disk in the blob storage
type: string
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if
unspecified.
type: string
kind:
description: 'Expected values Shared: multiple blob
disks per storage account Dedicated: single blob
disk per storage account Managed: azure managed data
disk (only in managed availability set). defaults
to shared'
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly
here will force the ReadOnly setting in VolumeMounts.
type: boolean
required:
- diskName
- diskURI
type: object
azureFile:
description: AzureFile represents an Azure File Service
mount on the host and bind mount to the pod.
properties:
readOnly:
description: Defaults to false (read/write). ReadOnly
here will force the ReadOnly setting in VolumeMounts.
type: boolean
secretName:
description: the name of secret that contains Azure
Storage Account Name and Key
type: string
shareName:
description: Share Name
type: string
required:
- secretName
- shareName
type: object
cephfs:
description: CephFS represents a Ceph FS mount on the host
that shares a pod's lifetime
properties:
monitors:
description: 'Required: Monitors is a collection of
Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
items:
type: string
type: array
path:
description: 'Optional: Used as the mounted root, rather
than the full Ceph tree, default is /'
type: string
readOnly:
description: 'Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: boolean
secretFile:
description: 'Optional: SecretFile is the path to key
ring for User, default is /etc/ceph/user.secret More
info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
secretRef:
description: 'Optional: SecretRef is reference to the
authentication secret for User, default is empty.
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
type: object
user:
description: 'Optional: User is the rados user name,
default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
required:
- monitors
type: object
cinder:
description: 'Cinder represents a cinder volume attached
and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
properties:
fsType:
description: 'Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
readOnly:
description: 'Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: boolean
secretRef:
description: 'Optional: points to a secret object containing
parameters used to connect to OpenStack.'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
type: object
volumeID:
description: 'volume id used to identify the volume
in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
required:
- volumeID
type: object
configMap:
description: ConfigMap represents a configMap that should
populate this volume
properties:
defaultMode:
description: 'Optional: mode bits used to set permissions
on created files by default. Must be an octal value
between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values,
JSON requires decimal values for mode bits. Defaults
to 0644. Directories within the path are not affected
by this setting. This might be in conflict with other
options that affect the file mode, like fsGroup, and
the result can be other mode bits set.'
format: int32
type: integer
items:
description: If unspecified, each key-value pair in
the Data field of the referenced ConfigMap will be
projected into the volume as a file whose name is
the key and content is the value. If specified, the
listed keys will be projected into the specified paths,
and unlisted keys will not be present. If a key is
specified which is not present in the ConfigMap, the
volume setup will error unless it is marked optional.
Paths must be relative and may not contain the '..'
path or start with '..'.
items:
description: Maps a string key to a path within a
volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits used to set
permissions on this file. Must be an octal value
between 0000 and 0777 or a decimal value between
0 and 511. YAML accepts both octal and decimal
values, JSON requires decimal values for mode
bits. If not specified, the volume defaultMode
will be used. This might be in conflict with
other options that affect the file mode, like
fsGroup, and the result can be other mode bits
set.'
format: int32
type: integer
path:
description: The relative path of the file to
map the key to. May not be an absolute path.
May not contain the path element '..'. May not
start with the string '..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its keys
must be defined
type: boolean
type: object
csi:
description: CSI (Container Storage Interface) represents
ephemeral storage that is handled by certain external
CSI drivers (Beta feature).
properties:
driver:
description: Driver is the name of the CSI driver that
handles this volume. Consult with your admin for the
correct name as registered in the cluster.
type: string
fsType:
description: Filesystem type to mount. Ex. "ext4", "xfs",
"ntfs". If not provided, the empty value is passed
to the associated CSI driver which will determine
the default filesystem to apply.
type: string
nodePublishSecretRef:
description: NodePublishSecretRef is a reference to
the secret object containing sensitive information
to pass to the CSI driver to complete the CSI NodePublishVolume
and NodeUnpublishVolume calls. This field is optional,
and may be empty if no secret is required. If the
secret object contains more than one secret, all secret
references are passed.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
type: object
readOnly:
description: Specifies a read-only configuration for
the volume. Defaults to false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
description: VolumeAttributes stores driver-specific
properties that are passed to the CSI driver. Consult
your driver's documentation for supported values.
type: object
required:
- driver
type: object
downwardAPI:
description: DownwardAPI represents downward API about the
pod that should populate this volume
properties:
defaultMode:
description: 'Optional: mode bits to use on created
files by default. Must be a Optional: mode bits used
to set permissions on created files by default. Must
be an octal value between 0000 and 0777 or a decimal
value between 0 and 511. YAML accepts both octal and
decimal values, JSON requires decimal values for mode
bits. Defaults to 0644. Directories within the path
are not affected by this setting. This might be in
conflict with other options that affect the file mode,
like fsGroup, and the result can be other mode bits
set.'
format: int32
type: integer
items:
description: Items is a list of downward API volume
file
items:
description: DownwardAPIVolumeFile represents information
to create the file containing the pod field
properties:
fieldRef:
description: 'Required: Selects a field of the
pod: only annotations, labels, name and namespace
are supported.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in
the specified API version.
type: string
required:
- fieldPath
type: object
mode:
description: 'Optional: mode bits used to set
permissions on this file, must be an octal value
between 0000 and 0777 or a decimal value between
0 and 511. YAML accepts both octal and decimal
values, JSON requires decimal values for mode
bits. If not specified, the volume defaultMode
will be used. This might be in conflict with
other options that affect the file mode, like
fsGroup, and the result can be other mode bits
set.'
format: int32
type: integer
path:
description: 'Required: Path is the relative
path name of the file to be created. Must not
be absolute or contain the ''..'' path. Must
be utf-8 encoded. The first item of the relative
path must not start with ''..'''
type: string
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, requests.cpu and requests.memory)
are currently supported.'
properties:
containerName:
description: 'Container name: required for
volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of
the exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
required:
- path
type: object
type: array
type: object
emptyDir:
description: 'EmptyDir represents a temporary directory
that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
properties:
medium:
description: 'What type of storage medium should back
this directory. The default is "" which means to use
the node''s default medium. Must be an empty string
(default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
description: 'Total amount of local storage required
for this EmptyDir volume. The size limit is also applicable
for memory medium. The maximum usage on memory medium
EmptyDir would be the minimum value between the SizeLimit
specified here and the sum of memory limits of all
containers in a pod. The default is nil which means
that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
ephemeral:
description: "Ephemeral represents a volume that is handled
by a cluster storage driver (Alpha feature). The volume's
lifecycle is tied to the pod that defines it - it will
be created before the pod starts, and deleted when the
pod is removed. \n Use this if: a) the volume is only
needed while the pod runs, b) features of normal volumes
like restoring from snapshot or capacity tracking are
needed, c) the storage driver is specified through a storage
class, and d) the storage driver supports dynamic volume
provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource
for more information on the connection between this
volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
or one of the vendor-specific APIs for volumes that persist
for longer than the lifecycle of an individual pod. \n
Use CSI for light-weight local ephemeral volumes if the
CSI driver is meant to be used that way - see the documentation
of the driver for more information. \n A pod can use both
types of ephemeral volumes and persistent volumes at the
same time."
properties:
readOnly:
description: Specifies a read-only configuration for
the volume. Defaults to false (read/write).
type: boolean
volumeClaimTemplate:
description: "Will be used to create a stand-alone PVC
to provision the volume. The pod in which this EphemeralVolumeSource
is embedded will be the owner of the PVC, i.e. the
PVC will be deleted together with the pod. The name
of the PVC will be `<pod name>-<volume name>` where
`<volume name>` is the name from the `PodSpec.Volumes`
array entry. Pod validation will reject the pod if
the concatenated name is not valid for a PVC (for
example, too long). \n An existing PVC with that name
that is not owned by the pod will *not* be used for
the pod to avoid using an unrelated volume by mistake.
Starting the pod is then blocked until the unrelated
PVC is removed. If such a pre-created PVC is meant
to be used by the pod, the PVC has to updated with
an owner reference to the pod once the pod exists.
Normally this should not be necessary, but it may
be useful when manually reconstructing a broken cluster.
\n This field is read-only and no changes will be
made by Kubernetes to the PVC after it has been created.
\n Required, must not be nil."
properties:
metadata:
description: May contain labels and annotations
that will be copied into the PVC when creating
it. No other fields are allowed and will be rejected
during validation.
type: object
spec:
description: The specification for the PersistentVolumeClaim.
The entire content is copied unchanged into the
PVC that gets created from this template. The
same fields as in a PersistentVolumeClaim are
also valid here.
properties:
accessModes:
description: 'AccessModes contains the desired
access modes the volume should have. More
info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
description: 'This field can be used to specify
either: * An existing VolumeSnapshot object
(snapshot.storage.k8s.io/VolumeSnapshot) *
An existing PVC (PersistentVolumeClaim) *
An existing custom resource that implements
data population (Alpha) In order to use custom
resource types that implement data population,
the AnyVolumeDataSource feature gate must
be enabled. If the provisioner or an external
controller can support the specified data
source, it will create a new volume based
on the contents of the specified data source.'
properties:
apiGroup:
description: APIGroup is the group for the
resource being referenced. If APIGroup
is not specified, the specified Kind must
be in the core API group. For any other
third-party types, APIGroup is required.
type: string
kind:
description: Kind is the type of resource
being referenced
type: string
name:
description: Name is the name of resource
being referenced
type: string
required:
- kind
- name
type: object
resources:
description: 'Resources represents the minimum
resources the volume should have. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum
amount of compute resources allowed. More
info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum
amount of compute resources required.
If Requests is omitted for a container,
it defaults to Limits if that is explicitly
specified, otherwise to an implementation-defined
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
selector:
description: A label query over volumes to consider
for binding.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
description: operator represents a
key's relationship to a set of values.
Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of
string values. If the operator is
In or NotIn, the values array must
be non-empty. If the operator is
Exists or DoesNotExist, the values
array must be empty. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
storageClassName:
description: 'Name of the StorageClass required
by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type of
volume is required by the claim. Value of
Filesystem is implied when not included in
claim spec.
type: string
volumeName:
description: VolumeName is the binding reference
to the PersistentVolume backing this claim.
type: string
type: object
required:
- spec
type: object
type: object
fc:
description: FC represents a Fibre Channel resource that
is attached to a kubelet's host machine and then exposed
to the pod.
properties:
fsType:
description: 'Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if
unspecified. TODO: how do we prevent errors in the
filesystem from compromising the machine'
type: string
lun:
description: 'Optional: FC target lun number'
format: int32
type: integer
readOnly:
description: 'Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.'
type: boolean
targetWWNs:
description: 'Optional: FC target worldwide names (WWNs)'
items:
type: string
type: array
wwids:
description: 'Optional: FC volume world wide identifiers
(wwids) Either wwids or combination of targetWWNs
and lun must be set, but not both simultaneously.'
items:
type: string
type: array
type: object
flexVolume:
description: FlexVolume represents a generic volume resource
that is provisioned/attached using an exec based plugin.
properties:
driver:
description: Driver is the name of the driver to use
for this volume.
type: string
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". The default filesystem depends on FlexVolume
script.
type: string
options:
additionalProperties:
type: string
description: 'Optional: Extra command options if any.'
type: object
readOnly:
description: 'Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.'
type: boolean
secretRef:
description: 'Optional: SecretRef is reference to the
secret object containing sensitive information to
pass to the plugin scripts. This may be empty if no
secret object is specified. If the secret object contains
more than one secret, all secrets are passed to the
plugin scripts.'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
type: object
required:
- driver
type: object
flocker:
description: Flocker represents a Flocker volume attached
to a kubelet's host machine. This depends on the Flocker
control service being running
properties:
datasetName:
description: Name of the dataset stored as metadata
-> name on the dataset for Flocker should be considered
as deprecated
type: string
datasetUUID:
description: UUID of the dataset. This is unique identifier
of a Flocker dataset
type: string
type: object
gcePersistentDisk:
description: 'GCEPersistentDisk represents a GCE Disk resource
that is attached to a kubelet''s host machine and then
exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
properties:
fsType:
description: 'Filesystem type of the volume that you
want to mount. Tip: Ensure that the filesystem type
is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
partition:
description: 'The partition in the volume that you want
to mount. If omitted, the default is to mount by volume
name. Examples: For volume /dev/sda1, you specify
the partition as "1". Similarly, the volume partition
for /dev/sda is "0" (or you can leave the property
empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
format: int32
type: integer
pdName:
description: 'Unique name of the PD resource in GCE.
Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: string
readOnly:
description: 'ReadOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: boolean
required:
- pdName
type: object
gitRepo:
description: 'GitRepo represents a git repository at a particular
revision. DEPRECATED: GitRepo is deprecated. To provision
a container with a git repo, mount an EmptyDir into an
InitContainer that clones the repo using git, then mount
the EmptyDir into the Pod''s container.'
properties:
directory:
description: Target directory name. Must not contain
or start with '..'. If '.' is supplied, the volume
directory will be the git repository. Otherwise,
if specified, the volume will contain the git repository
in the subdirectory with the given name.
type: string
repository:
description: Repository URL
type: string
revision:
description: Commit hash for the specified revision.
type: string
required:
- repository
type: object
glusterfs:
description: 'Glusterfs represents a Glusterfs mount on
the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
properties:
endpoints:
description: 'EndpointsName is the endpoint name that
details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
path:
description: 'Path is the Glusterfs volume path. More
info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
readOnly:
description: 'ReadOnly here will force the Glusterfs
volume to be mounted with read-only permissions. Defaults
to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: boolean
required:
- endpoints
- path
type: object
hostPath:
description: 'HostPath represents a pre-existing file or
directory on the host machine that is directly exposed
to the container. This is generally used for system agents
or other privileged things that are allowed to see the
host machine. Most containers will NOT need this. More
info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
--- TODO(jonesdl) We need to restrict who can use host
directory mounts and who can/can not mount host directories
as read/write.'
properties:
path:
description: 'Path of the directory on the host. If
the path is a symlink, it will follow the link to
the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
type:
description: 'Type for HostPath Volume Defaults to ""
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
required:
- path
type: object
iscsi:
description: 'ISCSI represents an ISCSI Disk resource that
is attached to a kubelet''s host machine and then exposed
to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
properties:
chapAuthDiscovery:
description: whether support iSCSI Discovery CHAP authentication
type: boolean
chapAuthSession:
description: whether support iSCSI Session CHAP authentication
type: boolean
fsType:
description: 'Filesystem type of the volume that you
want to mount. Tip: Ensure that the filesystem type
is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
initiatorName:
description: Custom iSCSI Initiator Name. If initiatorName
is specified with iscsiInterface simultaneously, new
iSCSI interface <target portal>:<volume name> will
be created for the connection.
type: string
iqn:
description: Target iSCSI Qualified Name.
type: string
iscsiInterface:
description: iSCSI Interface Name that uses an iSCSI
transport. Defaults to 'default' (tcp).
type: string
lun:
description: iSCSI Target Lun number.
format: int32
type: integer
portals:
description: iSCSI Target Portal List. The portal is
either an IP or ip_addr:port if the port is other
than default (typically TCP ports 860 and 3260).
items:
type: string
type: array
readOnly:
description: ReadOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false.
type: boolean
secretRef:
description: CHAP Secret for iSCSI target and initiator
authentication
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
type: object
targetPortal:
description: iSCSI Target Portal. The Portal is either
an IP or ip_addr:port if the port is other than default
(typically TCP ports 860 and 3260).
type: string
required:
- iqn
- lun
- targetPortal
type: object
name:
description: 'Volume''s name. Must be a DNS_LABEL and unique
within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
nfs:
description: 'NFS represents an NFS mount on the host that
shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
properties:
path:
description: 'Path that is exported by the NFS server.
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
readOnly:
description: 'ReadOnly here will force the NFS export
to be mounted with read-only permissions. Defaults
to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: boolean
server:
description: 'Server is the hostname or IP address of
the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
required:
- path
- server
type: object
persistentVolumeClaim:
description: 'PersistentVolumeClaimVolumeSource represents
a reference to a PersistentVolumeClaim in the same namespace.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
claimName:
description: 'ClaimName is the name of a PersistentVolumeClaim
in the same namespace as the pod using this volume.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
type: string
readOnly:
description: Will force the ReadOnly setting in VolumeMounts.
Default false.
type: boolean
required:
- claimName
type: object
photonPersistentDisk:
description: PhotonPersistentDisk represents a PhotonController
persistent disk attached and mounted on kubelets host
machine
properties:
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if
unspecified.
type: string
pdID:
description: ID that identifies Photon Controller persistent
disk
type: string
required:
- pdID
type: object
portworxVolume:
description: PortworxVolume represents a portworx volume
attached and mounted on kubelets host machine
properties:
fsType:
description: FSType represents the filesystem type to
mount Must be a filesystem type supported by the host
operating system. Ex. "ext4", "xfs". Implicitly inferred
to be "ext4" if unspecified.
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly
here will force the ReadOnly setting in VolumeMounts.
type: boolean
volumeID:
description: VolumeID uniquely identifies a Portworx
volume
type: string
required:
- volumeID
type: object
projected:
description: Items for all in one resources secrets, configmaps,
and downward API
properties:
defaultMode:
description: Mode bits used to set permissions on created
files by default. Must be an octal value between 0000
and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires
decimal values for mode bits. Directories within the
path are not affected by this setting. This might
be in conflict with other options that affect the
file mode, like fsGroup, and the result can be other
mode bits set.
format: int32
type: integer
sources:
description: list of volume projections
items:
description: Projection that may be projected along
with other supported volume types
properties:
configMap:
description: information about the configMap data
to project
properties:
items:
description: If unspecified, each key-value
pair in the Data field of the referenced
ConfigMap will be projected into the volume
as a file whose name is the key and content
is the value. If specified, the listed keys
will be projected into the specified paths,
and unlisted keys will not be present. If
a key is specified which is not present
in the ConfigMap, the volume setup will
error unless it is marked optional. Paths
must be relative and may not contain the
'..' path or start with '..'.
items:
description: Maps a string key to a path
within a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits used
to set permissions on this file. Must
be an octal value between 0000 and
0777 or a decimal value between 0
and 511. YAML accepts both octal and
decimal values, JSON requires decimal
values for mode bits. If not specified,
the volume defaultMode will be used.
This might be in conflict with other
options that affect the file mode,
like fsGroup, and the result can be
other mode bits set.'
format: int32
type: integer
path:
description: The relative path of the
file to map the key to. May not be
an absolute path. May not contain
the path element '..'. May not start
with the string '..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its keys must be defined
type: boolean
type: object
downwardAPI:
description: information about the downwardAPI
data to project
properties:
items:
description: Items is a list of DownwardAPIVolume
file
items:
description: DownwardAPIVolumeFile represents
information to create the file containing
the pod field
properties:
fieldRef:
description: 'Required: Selects a field
of the pod: only annotations, labels,
name and namespace are supported.'
properties:
apiVersion:
description: Version of the schema
the FieldPath is written in terms
of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to
select in the specified API version.
type: string
required:
- fieldPath
type: object
mode:
description: 'Optional: mode bits used
to set permissions on this file, must
be an octal value between 0000 and
0777 or a decimal value between 0
and 511. YAML accepts both octal and
decimal values, JSON requires decimal
values for mode bits. If not specified,
the volume defaultMode will be used.
This might be in conflict with other
options that affect the file mode,
like fsGroup, and the result can be
other mode bits set.'
format: int32
type: integer
path:
description: 'Required: Path is the
relative path name of the file to
be created. Must not be absolute or
contain the ''..'' path. Must be utf-8
encoded. The first item of the relative
path must not start with ''..'''
type: string
resourceFieldRef:
description: 'Selects a resource of
the container: only resources limits
and requests (limits.cpu, limits.memory,
requests.cpu and requests.memory)
are currently supported.'
properties:
containerName:
description: 'Container name: required
for volumes, optional for env
vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output
format of the exposed resources,
defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource
to select'
type: string
required:
- resource
type: object
required:
- path
type: object
type: array
type: object
secret:
description: information about the secret data
to project
properties:
items:
description: If unspecified, each key-value
pair in the Data field of the referenced
Secret will be projected into the volume
as a file whose name is the key and content
is the value. If specified, the listed keys
will be projected into the specified paths,
and unlisted keys will not be present. If
a key is specified which is not present
in the Secret, the volume setup will error
unless it is marked optional. Paths must
be relative and may not contain the '..'
path or start with '..'.
items:
description: Maps a string key to a path
within a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits used
to set permissions on this file. Must
be an octal value between 0000 and
0777 or a decimal value between 0
and 511. YAML accepts both octal and
decimal values, JSON requires decimal
values for mode bits. If not specified,
the volume defaultMode will be used.
This might be in conflict with other
options that affect the file mode,
like fsGroup, and the result can be
other mode bits set.'
format: int32
type: integer
path:
description: The relative path of the
file to map the key to. May not be
an absolute path. May not contain
the path element '..'. May not start
with the string '..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
type: object
serviceAccountToken:
description: information about the serviceAccountToken
data to project
properties:
audience:
description: Audience is the intended audience
of the token. A recipient of a token must
identify itself with an identifier specified
in the audience of the token, and otherwise
should reject the token. The audience defaults
to the identifier of the apiserver.
type: string
expirationSeconds:
description: ExpirationSeconds is the requested
duration of validity of the service account
token. As the token approaches expiration,
the kubelet volume plugin will proactively
rotate the service account token. The kubelet
will start trying to rotate the token if
the token is older than 80 percent of its
time to live or if the token is older than
24 hours.Defaults to 1 hour and must be
at least 10 minutes.
format: int64
type: integer
path:
description: Path is the path relative to
the mount point of the file to project the
token into.
type: string
required:
- path
type: object
type: object
type: array
type: object
quobyte:
description: Quobyte represents a Quobyte mount on the host
that shares a pod's lifetime
properties:
group:
description: Group to map volume access to Default is
no group
type: string
readOnly:
description: ReadOnly here will force the Quobyte volume
to be mounted with read-only permissions. Defaults
to false.
type: boolean
registry:
description: Registry represents a single or multiple
Quobyte Registry services specified as a string as
host:port pair (multiple entries are separated with
commas) which acts as the central registry for volumes
type: string
tenant:
description: Tenant owning the given Quobyte volume
in the Backend Used with dynamically provisioned Quobyte
volumes, value is set by the plugin
type: string
user:
description: User to map volume access to Defaults to
serivceaccount user
type: string
volume:
description: Volume is a string that references an already
created Quobyte volume by name.
type: string
required:
- registry
- volume
type: object
rbd:
description: 'RBD represents a Rados Block Device mount
on the host that shares a pod''s lifetime. More info:
https://examples.k8s.io/volumes/rbd/README.md'
properties:
fsType:
description: 'Filesystem type of the volume that you
want to mount. Tip: Ensure that the filesystem type
is supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
image:
description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
keyring:
description: 'Keyring is the path to key ring for RBDUser.
Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
monitors:
description: 'A collection of Ceph monitors. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
items:
type: string
type: array
pool:
description: 'The rados pool name. Default is rbd. More
info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
readOnly:
description: 'ReadOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: boolean
secretRef:
description: 'SecretRef is name of the authentication
secret for RBDUser. If provided overrides keyring.
Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
type: object
user:
description: 'The rados user name. Default is admin.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
required:
- image
- monitors
type: object
scaleIO:
description: ScaleIO represents a ScaleIO persistent volume
attached and mounted on Kubernetes nodes.
properties:
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Default is "xfs".
type: string
gateway:
description: The host address of the ScaleIO API Gateway.
type: string
protectionDomain:
description: The name of the ScaleIO Protection Domain
for the configured storage.
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly
here will force the ReadOnly setting in VolumeMounts.
type: boolean
secretRef:
description: SecretRef references to the secret for
ScaleIO user and other sensitive information. If this
is not provided, Login operation will fail.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
type: object
sslEnabled:
description: Flag to enable/disable SSL communication
with Gateway, default false
type: boolean
storageMode:
description: Indicates whether the storage for a volume
should be ThickProvisioned or ThinProvisioned. Default
is ThinProvisioned.
type: string
storagePool:
description: The ScaleIO Storage Pool associated with
the protection domain.
type: string
system:
description: The name of the storage system as configured
in ScaleIO.
type: string
volumeName:
description: The name of a volume already created in
the ScaleIO system that is associated with this volume
source.
type: string
required:
- gateway
- secretRef
- system
type: object
secret:
description: 'Secret represents a secret that should populate
this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
properties:
defaultMode:
description: 'Optional: mode bits used to set permissions
on created files by default. Must be an octal value
between 0000 and 0777 or a decimal value between 0
and 511. YAML accepts both octal and decimal values,
JSON requires decimal values for mode bits. Defaults
to 0644. Directories within the path are not affected
by this setting. This might be in conflict with other
options that affect the file mode, like fsGroup, and
the result can be other mode bits set.'
format: int32
type: integer
items:
description: If unspecified, each key-value pair in
the Data field of the referenced Secret will be projected
into the volume as a file whose name is the key and
content is the value. If specified, the listed keys
will be projected into the specified paths, and unlisted
keys will not be present. If a key is specified which
is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be
relative and may not contain the '..' path or start
with '..'.
items:
description: Maps a string key to a path within a
volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits used to set
permissions on this file. Must be an octal value
between 0000 and 0777 or a decimal value between
0 and 511. YAML accepts both octal and decimal
values, JSON requires decimal values for mode
bits. If not specified, the volume defaultMode
will be used. This might be in conflict with
other options that affect the file mode, like
fsGroup, and the result can be other mode bits
set.'
format: int32
type: integer
path:
description: The relative path of the file to
map the key to. May not be an absolute path.
May not contain the path element '..'. May not
start with the string '..'.
type: string
required:
- key
- path
type: object
type: array
optional:
description: Specify whether the Secret or its keys
must be defined
type: boolean
secretName:
description: 'Name of the secret in the pod''s namespace
to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
type: string
type: object
storageos:
description: StorageOS represents a StorageOS volume attached
and mounted on Kubernetes nodes.
properties:
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if
unspecified.
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly
here will force the ReadOnly setting in VolumeMounts.
type: boolean
secretRef:
description: SecretRef specifies the secret to use for
obtaining the StorageOS API credentials. If not specified,
default values will be attempted.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
type: object
volumeName:
description: VolumeName is the human-readable name of
the StorageOS volume. Volume names are only unique
within a namespace.
type: string
volumeNamespace:
description: VolumeNamespace specifies the scope of
the volume within StorageOS. If no namespace is specified
then the Pod's namespace will be used. This allows
the Kubernetes name scoping to be mirrored within
StorageOS for tighter integration. Set VolumeName
to any name to override the default behaviour. Set
to "default" if you are not using namespaces within
StorageOS. Namespaces that do not pre-exist within
StorageOS will be created.
type: string
type: object
vsphereVolume:
description: VsphereVolume represents a vSphere volume attached
and mounted on kubelets host machine
properties:
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if
unspecified.
type: string
storagePolicyID:
description: Storage Policy Based Management (SPBM)
profile ID associated with the StoragePolicyName.
type: string
storagePolicyName:
description: Storage Policy Based Management (SPBM)
profile name.
type: string
volumePath:
description: Path that identifies vSphere volume vmdk
type: string
required:
- volumePath
type: object
required:
- name
type: object
type: array
required:
- disableCSRFProtection
type: object
notifications:
description: Notifications defines list of a services which are used
to inform about Jenkins status Can be used to integrate chat services
like Slack, Microsoft Teams or Mailgun
items:
description: Notification is a service configuration used to send
notifications about Jenkins status.
properties:
level:
description: NotificationLevel defines the level of a Notification.
type: string
mailgun:
description: Mailgun is handler for Mailgun email service notification
channel.
properties:
apiKeySecretKeySelector:
description: SecretKeySelector selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
secret:
description: The name of the secret in the pod's namespace
to select from.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
type: object
required:
- key
- secret
type: object
domain:
type: string
from:
type: string
recipient:
type: string
required:
- apiKeySecretKeySelector
- domain
- from
- recipient
type: object
name:
type: string
slack:
description: Slack is handler for Slack notification channel.
properties:
webHookURLSecretKeySelector:
description: The web hook URL to Slack App
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
secret:
description: The name of the secret in the pod's namespace
to select from.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
type: object
required:
- key
- secret
type: object
required:
- webHookURLSecretKeySelector
type: object
smtp:
description: SMTP is handler for sending emails via this protocol.
properties:
from:
type: string
passwordSecretKeySelector:
description: SecretKeySelector selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
secret:
description: The name of the secret in the pod's namespace
to select from.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
type: object
required:
- key
- secret
type: object
port:
type: integer
server:
type: string
tlsInsecureSkipVerify:
type: boolean
to:
type: string
usernameSecretKeySelector:
description: SecretKeySelector selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
secret:
description: The name of the secret in the pod's namespace
to select from.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
type: object
required:
- key
- secret
type: object
required:
- from
- passwordSecretKeySelector
- port
- server
- to
- usernameSecretKeySelector
type: object
teams:
description: MicrosoftTeams is handler for Microsoft MicrosoftTeams
notification channel.
properties:
webHookURLSecretKeySelector:
description: The web hook URL to MicrosoftTeams App
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
secret:
description: The name of the secret in the pod's namespace
to select from.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
type: object
required:
- key
- secret
type: object
required:
- webHookURLSecretKeySelector
type: object
verbose:
type: boolean
required:
- level
- name
- verbose
type: object
type: array
restore:
description: 'Backup defines configuration of Jenkins backup restore
More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/'
properties:
action:
description: Action defines action which performs restore backup
in restore container sidecar
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute inside
the container, the working directory for the command is
root ('/') in the container's filesystem. The command
is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell,
you need to explicitly call out to that shell. Exit
status of 0 is treated as live/healthy and non-zero
is unhealthy.
items:
type: string
type: array
type: object
type: object
containerName:
description: ContainerName is the container name responsible for
restore backup operation
type: string
getLatestAction:
description: GetLatestAction defines action which returns the
latest backup number. If there is no backup "-1" should be returned.
properties:
exec:
description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute inside
the container, the working directory for the command is
root ('/') in the container's filesystem. The command
is simply exec'd, it is not run inside a shell, so traditional
shell instructions ('|', etc) won't work. To use a shell,
you need to explicitly call out to that shell. Exit
status of 0 is treated as live/healthy and non-zero
is unhealthy.
items:
type: string
type: array
type: object
type: object
recoveryOnce:
description: RecoveryOnce if want to restore specific backup set
this field and then Jenkins will be restarted and desired backup
will be restored
format: int64
type: integer
required:
- action
- containerName
type: object
roles:
description: Roles defines list of extra RBAC roles for the Jenkins
Master pod service account
items:
description: RoleRef contains information that points to the role
being used
properties:
apiGroup:
description: APIGroup is the group for the resource being referenced
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- apiGroup
- kind
- name
type: object
type: array
seedJobs:
description: 'SeedJobs defines list of Jenkins Seed Job configurations
More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration#configure-seed-jobs-and-pipelines'
items:
description: 'SeedJob defines configuration for seed job More info:
https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration/#configure-seed-jobs-and-pipelines.'
properties:
additionalClasspath:
description: AdditionalClasspath is setting for Job DSL API
plugin to set Additional Classpath
type: string
bitbucketPushTrigger:
description: BitbucketPushTrigger is used for Bitbucket web
hooks
type: boolean
buildPeriodically:
description: BuildPeriodically is setting for scheduled trigger
type: string
credentialID:
description: CredentialID is the Kubernetes secret name which
stores repository access credentials
type: string
credentialType:
description: JenkinsCredentialType is the https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/
credential type
type: string
description:
description: Description is the description of the seed job
type: string
failOnMissingPlugin:
description: FailOnMissingPlugin is setting for Job DSL API
plugin that fails job if required plugin is missing
type: boolean
githubPushTrigger:
description: GitHubPushTrigger is used for GitHub web hooks
type: boolean
id:
description: ID is the unique seed job name
type: string
ignoreMissingFiles:
description: IgnoreMissingFiles is setting for Job DSL API plugin
to ignore files that miss
type: boolean
pollSCM:
description: PollSCM is setting for polling changes in SCM
type: string
repositoryBranch:
description: RepositoryBranch is the repository branch where
are seed job definitions
type: string
repositoryUrl:
description: RepositoryURL is the repository access URL. Can
be SSH or HTTPS.
type: string
targets:
description: Targets is the repository path where are seed job
definitions
type: string
unstableOnDeprecation:
description: UnstableOnDeprecation is setting for Job DSL API
plugin that sets build status as unstable if build using deprecated
features
type: boolean
type: object
type: array
service:
description: 'Service is Kubernetes service of Jenkins master HTTP
pod Defaults to : port: 8080 type: ClusterIP'
properties:
annotations:
additionalProperties:
type: string
description: 'Annotations is an unstructured key value map stored
with a resource that may be set by external tools to store and
retrieve arbitrary metadata. They are not queryable and should
be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
type: object
labels:
additionalProperties:
type: string
description: 'Route service traffic to pods with label keys and
values matching this selector. If empty or not present, the
service is assumed to have an external process managing its
endpoints, which Kubernetes will not modify. Only applies to
types ClusterIP, NodePort, and LoadBalancer. Ignored if type
is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
type: object
loadBalancerIP:
description: 'Only applies to Service Type: LoadBalancer LoadBalancer
will get created with the IP specified in this field. This feature
depends on whether the underlying cloud-provider supports specifying
the loadBalancerIP when a load balancer is created. This field
will be ignored if the cloud-provider does not support the feature.'
type: string
loadBalancerSourceRanges:
description: 'If specified and supported by the platform, this
will restrict traffic through the cloud-provider load-balancer
will be restricted to the specified client IPs. This field will
be ignored if the cloud-provider does not support the feature."
More info: https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/#restricting-cloud-metadata-api-access'
items:
type: string
type: array
nodePort:
description: 'The port on each node on which this service is exposed
when type=NodePort or LoadBalancer. Usually assigned by the
system. If specified, it will be allocated to the service if
unused or else creation of the service will fail. Default is
to auto-allocate a port if the ServiceType of this Service requires
one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
format: int32
type: integer
port:
description: 'The port that are exposed by this service. More
info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
format: int32
type: integer
type:
description: 'Type determines how the Service is exposed. Defaults
to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort,
and LoadBalancer. "ExternalName" maps to the specified externalName.
"ClusterIP" allocates a cluster-internal IP address for load-balancing
to endpoints. Endpoints are determined by the selector or if
that is not specified, by manual construction of an Endpoints
object. If clusterIP is "None", no virtual IP is allocated and
the endpoints are published as a set of endpoints rather than
a stable IP. "NodePort" builds on ClusterIP and allocates a
port on every node which routes to the clusterIP. "LoadBalancer"
builds on NodePort and creates an external load-balancer (if
supported in the current cloud) which routes to the clusterIP.
More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types'
type: string
type: object
serviceAccount:
description: ServiceAccount defines Jenkins master service account
attributes
properties:
annotations:
additionalProperties:
type: string
description: 'Annotations is an unstructured key value map stored
with a resource that may be set by external tools to store and
retrieve arbitrary metadata. They are not queryable and should
be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
type: object
type: object
slaveService:
description: 'Service is Kubernetes service of Jenkins slave pods
Defaults to : port: 50000 type: ClusterIP'
properties:
annotations:
additionalProperties:
type: string
description: 'Annotations is an unstructured key value map stored
with a resource that may be set by external tools to store and
retrieve arbitrary metadata. They are not queryable and should
be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
type: object
labels:
additionalProperties:
type: string
description: 'Route service traffic to pods with label keys and
values matching this selector. If empty or not present, the
service is assumed to have an external process managing its
endpoints, which Kubernetes will not modify. Only applies to
types ClusterIP, NodePort, and LoadBalancer. Ignored if type
is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
type: object
loadBalancerIP:
description: 'Only applies to Service Type: LoadBalancer LoadBalancer
will get created with the IP specified in this field. This feature
depends on whether the underlying cloud-provider supports specifying
the loadBalancerIP when a load balancer is created. This field
will be ignored if the cloud-provider does not support the feature.'
type: string
loadBalancerSourceRanges:
description: 'If specified and supported by the platform, this
will restrict traffic through the cloud-provider load-balancer
will be restricted to the specified client IPs. This field will
be ignored if the cloud-provider does not support the feature."
More info: https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/#restricting-cloud-metadata-api-access'
items:
type: string
type: array
nodePort:
description: 'The port on each node on which this service is exposed
when type=NodePort or LoadBalancer. Usually assigned by the
system. If specified, it will be allocated to the service if
unused or else creation of the service will fail. Default is
to auto-allocate a port if the ServiceType of this Service requires
one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
format: int32
type: integer
port:
description: 'The port that are exposed by this service. More
info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
format: int32
type: integer
type:
description: 'Type determines how the Service is exposed. Defaults
to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort,
and LoadBalancer. "ExternalName" maps to the specified externalName.
"ClusterIP" allocates a cluster-internal IP address for load-balancing
to endpoints. Endpoints are determined by the selector or if
that is not specified, by manual construction of an Endpoints
object. If clusterIP is "None", no virtual IP is allocated and
the endpoints are published as a set of endpoints rather than
a stable IP. "NodePort" builds on ClusterIP and allocates a
port on every node which routes to the clusterIP. "LoadBalancer"
builds on NodePort and creates an external load-balancer (if
supported in the current cloud) which routes to the clusterIP.
More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types'
type: string
type: object
required:
- jenkinsAPISettings
- master
type: object
status:
description: Status defines the observed state of Jenkins
properties:
appliedGroovyScripts:
description: AppliedGroovyScripts is a list with all applied groovy
scripts in Jenkins by the operator
items:
description: AppliedGroovyScript is the applied groovy script in
Jenkins by the operator.