diff --git a/library/k8s_v1_binding.py b/library/k8s_v1_binding.py index 1ada7a08..11c7bc68 100644 --- a/library/k8s_v1_binding.py +++ b/library/k8s_v1_binding.py @@ -124,7 +124,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -231,6 +231,150 @@ binding: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -266,6 +410,14 @@ binding: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_component_status.py b/library/k8s_v1_component_status.py index 4ac69d34..c47632ba 100644 --- a/library/k8s_v1_component_status.py +++ b/library/k8s_v1_component_status.py 
@@ -87,7 +87,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -218,6 +218,150 @@ component_status: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -253,6 +397,14 @@ component_status: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_component_status_list.py b/library/k8s_v1_component_status_list.py index 8398fba1..734e21b6 100644 --- a/library/k8s_v1_component_status_list.py +++ b/library/k8s_v1_component_status_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -65,7 +61,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -210,6 +206,153 @@ component_status_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ component_status_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_config_map.py b/library/k8s_v1_config_map.py index 2a836e98..0ce937e5 100644 --- a/library/k8s_v1_config_map.py +++ b/library/k8s_v1_config_map.py 
@@ -29,8 +29,8 @@ options: - The name of a context found in the Kubernetes config file. data: description: - - Data contains the configuration data. Each key must be a valid DNS_SUBDOMAIN - with an optional leading dot. + - Data contains the configuration data. Each key must consist of alphanumeric + characters, '-', '_' or '.'. type: dict debug: description: @@ -112,7 +112,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' @@ -134,8 +134,8 @@ config_map: type: str data: description: - - Data contains the configuration data. Each key must be a valid DNS_SUBDOMAIN - with an optional leading dot. + - Data contains the configuration data. Each key must consist of alphanumeric + characters, '-', '_' or '.'. type: complex contains: str, str kind: 
@@ -225,6 +225,150 @@ config_map: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -260,6 +404,14 @@ config_map: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_config_map_list.py b/library/k8s_v1_config_map_list.py index 5fa58eea..31b67742 100644 --- a/library/k8s_v1_config_map_list.py +++ b/library/k8s_v1_config_map_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' @@ -122,8 +118,8 @@ config_map_list: type: str data: description: - - Data contains the configuration data. Each key must be a valid DNS_SUBDOMAIN - with an optional leading dot. + - Data contains the configuration data. Each key must consist of alphanumeric + characters, '-', '_' or '.'. type: complex contains: str, str kind: 
@@ -216,6 +212,153 @@ config_map_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -252,6 +395,14 @@ config_map_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_endpoints.py b/library/k8s_v1_endpoints.py index 5984fe14..10c13532 100644 --- a/library/k8s_v1_endpoints.py +++ b/library/k8s_v1_endpoints.py 
@@ -116,7 +116,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -223,6 +223,150 @@ endpoints: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -258,6 +402,14 @@ endpoints: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_endpoints_list.py b/library/k8s_v1_endpoints_list.py index e817ecf7..44bfb4c2 100644 --- a/library/k8s_v1_endpoints_list.py +++ b/library/k8s_v1_endpoints_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -210,6 +206,153 @@ endpoints_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ endpoints_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_event.py b/library/k8s_v1_event.py index 5d9d0ab4..31a7e6bf 100644 --- a/library/k8s_v1_event.py +++ b/library/k8s_v1_event.py 
@@ -36,6 +36,10 @@ options: - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log default: false type: bool + first_timestamp: + description: + - The time at which the event was first recorded. (Time of server receipt is in + TypeMeta.) force: description: - If set to C(True), and I(state) is C(present), an existing object will updated, @@ -101,6 +105,9 @@ options: - Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. type: dict + last_timestamp: + description: + - The time at which the most recent occurrence of this event was recorded. message: description: - A human-readable description of the status of this operation. @@ -172,7 +179,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -338,6 +345,150 @@ event: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -373,6 +524,14 @@ event: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_event_list.py b/library/k8s_v1_event_list.py index eb25e735..598b6582 100644 --- a/library/k8s_v1_event_list.py +++ b/library/k8s_v1_event_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -270,6 +266,153 @@ event_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -306,6 +449,14 @@ event_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_horizontal_pod_autoscaler.py b/library/k8s_v1_horizontal_pod_autoscaler.py index f8be0623..2389923b 100644 --- a/library/k8s_v1_horizontal_pod_autoscaler.py +++ b/library/k8s_v1_horizontal_pod_autoscaler.py 
@@ -143,7 +143,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -259,6 +259,150 @@ horizontal_pod_autoscaler: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -294,6 +438,14 @@ horizontal_pod_autoscaler: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_horizontal_pod_autoscaler_list.py b/library/k8s_v1_horizontal_pod_autoscaler_list.py index 6a44f2f1..39ee7ac4 100644 --- a/library/k8s_v1_horizontal_pod_autoscaler_list.py 
+++ b/library/k8s_v1_horizontal_pod_autoscaler_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -210,6 +206,153 @@ horizontal_pod_autoscaler_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ horizontal_pod_autoscaler_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_job.py b/library/k8s_v1_job.py index 3a6dca9b..0a3ca154 100644 --- a/library/k8s_v1_job.py +++ b/library/k8s_v1_job.py 
@@ -85,17 +85,17 @@ options: type: int spec_completions: description: - - Completions specifies the desired number of successfully finished pods the job - should be run with. Setting to nil means that the success of any pod signals - the success of all pods, and allows parallelism to have any positive value. - Setting to 1 means that parallelism is limited to 1 and the success of that - pod signals the success of the job. + - Specifies the desired number of successfully finished pods the job should be + run with. Setting to nil means that the success of any pod signals the success + of all pods, and allows parallelism to have any positive value. Setting to 1 + means that parallelism is limited to 1 and the success of that pod signals the + success of the job. aliases: - completions type: int spec_manual_selector: description: - - ManualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` + - manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying @@ -107,9 +107,9 @@ options: type: bool spec_parallelism: description: - - Parallelism specifies the maximum desired number of pods the job should run - at any given time. The actual number of pods running in steady state will be - less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), + - Specifies the maximum desired number of pods the job should run at any given + time. The actual number of pods running in steady state will be less than this + number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. aliases: - parallelism 
@@ -161,6 +161,98 @@ options: aliases: - active_deadline_seconds type: int + spec_template_spec_affinity_node_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_node_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms: + description: + - Required. A list of node selector terms. The terms are ORed. + aliases: + - affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms + type: list + spec_template_spec_affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. 
+ aliases: + - affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' + aliases: + - affinity_pod_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the anti-affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' 
+ aliases: + - affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account token should + be automatically mounted. + aliases: + - automount_service_account_token + type: bool spec_template_spec_containers: description: - List of containers belonging to the pod. Containers cannot currently be added @@ -170,10 +262,18 @@ options: type: list spec_template_spec_dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' or 'Default'. - Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have DNS options + set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. aliases: - dns_policy + spec_template_spec_host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be injected into + the pod's hosts file if specified. This is only valid for non-hostNetwork pods. + aliases: + - host_aliases + type: list spec_template_spec_host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
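Review bot: in the `@@ -161,6 +161,98 @@ options:` hunk, the descriptions of `spec_template_spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution` and of the matching `pod_anti_affinity` option open with 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented.' and include a Go declaration for RequiredDuringSchedulingRequiredDuringExecution, which is a different field from the one the option name refers to. As written, a user reads the option as doing nothing, and the text contradicts itself ('the system will try to eventually evict the pod' in the first half, 'may or may not try' in the second). Cut each description down to its second half, starting at the second 'If the affinity requirements specified by this field are not met at scheduling time'.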
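Review bot: in the `@@ -170,10 +262,18 @@ options:` hunk, `spec_template_spec_dns_policy` now documents three accepted values but still has neither a `type:` nor a `choices:` entry, so a misspelled policy is only caught when the API server rejects it. Add `type: str` and a `choices:` list with 'ClusterFirstWithHostNet', 'ClusterFirst' and 'Default'. The new `spec_template_spec_host_aliases` text says it is only valid for non-hostNetwork pods; it would help to name the module's own host-network option there so the constraint can be checked from the docs alone.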
@@ -209,6 +309,21 @@ options: aliases: - image_pull_secrets type: list + spec_template_spec_init_containers: + description: + - List of initialization containers belonging to the pod. Init containers are + executed in order prior to containers being started. If any init container fails, + the pod is considered to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be unique among all + containers. Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container are taken + into account during scheduling by finding the highest request/limit for each + resource type, and then using the max of of that value or the sum of the normal + containers. Limits are applied to init containers in a similar fashion. Init + containers cannot currently be added or removed. Cannot be updated. + aliases: + - init_containers + type: list spec_template_spec_node_name: description: - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, @@ -230,6 +345,12 @@ options: Never. Default to Always. aliases: - restart_policy + spec_template_spec_scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. If not specified, + the pod will be dispatched by default scheduler. + aliases: + - scheduler_name spec_template_spec_security_context_fs_group: description: - "A special supplemental group that applies to all containers in a pod. Some\ @@ -318,6 +439,12 @@ options: aliases: - termination_grace_period_seconds type: int + spec_template_spec_tolerations: + description: + - If specified, the pod's tolerations. + aliases: + - tolerations + type: list spec_template_spec_volumes: description: - List of volumes that can be mounted by containers belonging to the pod. 
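Review bot: in the `@@ -230,6 +345,12 @@ options:` hunk, the new `spec_template_spec_scheduler_name` option ends at its `aliases:` list with no `type:` line, while the two other options added on either side of it, `spec_template_spec_init_containers` and `spec_template_spec_tolerations`, both declare `type: list`. Add `type: str` so the option is documented and validated like its neighbours.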
@@ -355,7 +482,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
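Review bot: the `requirements` entry goes from `kubernetes == 1.0.0` straight to `kubernetes == 3.0.0`, an exact pin across two major versions, and the identical one-line change repeats in every module this patch touches. The exact `==` pin means the documented requirement also excludes any later 3.x client release, including ones that carry fixes. If the modules only need the 3.0.0 API surface, document a lower bound or a range instead, and mention the client upgrade in the changelog, since the fields introduced alongside the bump (`initializers`, `block_owner_deletion`, the `affinity` options) are documented here with no indication of the client version they depend on.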
@@ -462,6 +589,150 @@ job: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -497,6 +768,14 @@ job: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. @@ -535,7 +814,7 @@ job: type: str spec: description: - - Spec is a structure defining the expected behavior of a job. + - Specification of the desired behavior of a job. type: complex contains: active_deadline_seconds: 
@@ -546,15 +825,15 @@ job: type: int completions: description: - - Completions specifies the desired number of successfully finished pods - the job should be run with. Setting to nil means that the success of any - pod signals the success of all pods, and allows parallelism to have any - positive value. Setting to 1 means that parallelism is limited to 1 and - the success of that pod signals the success of the job. + - Specifies the desired number of successfully finished pods the job should + be run with. Setting to nil means that the success of any pod signals + the success of all pods, and allows parallelism to have any positive value. + Setting to 1 means that parallelism is limited to 1 and the success of + that pod signals the success of the job. type: int manual_selector: description: - - ManualSelector controls generation of pod labels and pod selectors. Leave + - manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for 
@@ -565,15 +844,15 @@ job: type: bool parallelism: description: - - Parallelism specifies the maximum desired number of pods the job should - run at any given time. The actual number of pods running in steady state - will be less than this number when ((.spec.completions - .status.successful) - < .spec.parallelism), i.e. when the work left to do is less than max parallelism. + - Specifies the maximum desired number of pods the job should run at any + given time. The actual number of pods running in steady state will be + less than this number when ((.spec.completions - .status.successful) < + .spec.parallelism), i.e. when the work left to do is less than max parallelism. type: int selector: description: - - Selector is a label query over pods that should match the pod count. Normally, - the system sets this field for you. + - A label query over pods that should match the pod count. Normally, the + system sets this field for you. type: complex contains: match_expressions: @@ -609,8 +888,7 @@ job: contains: str, str template: description: - - Template is the object that describes the pod that will be created when - executing a job. + - Describes the pod that will be created when executing a job. type: complex contains: metadata: 
@@ -699,6 +977,158 @@ job: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -736,6 +1166,14 @@ job: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -787,6 +1225,493 @@ job: it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. 
+ type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to an update), the system may or may + not try to eventually evict the pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. 
The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is + the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. 
+ type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. 
For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system will try to eventually evict the pod + from its node. When there are multiple elements, the lists + of nodes corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot currently @@ -858,11 +1783,17 @@ job: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -891,8 +1822,7 @@ job: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
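Review bot: In the @@ -787,6 +1225,493 @@ hunk, the description of required_during_scheduling_ignored_during_execution under both pod_affinity and pod_anti_affinity opens with 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented.' and embeds a Go declaration (RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm with its json tag), which appears to describe a different, commented-out field. As a result the text contradicts itself: first 'the system will try to eventually evict the pod', then 'the system may or may not try to eventually evict the pod'. Keep only the second half, starting at the second 'If the affinity requirements specified by this field are not met at scheduling time', so the documented behaviour matches the field name. The same hunk also carries 'Valid operators ard In, NotIn' and 'DoesNotExist. Gt, and Lt.', which should read 'are' and use a comma.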
@@ -911,6 +1841,53 @@ job: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -987,8 +1964,7 @@ job: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
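Review bot: In the @@ -911,6 +1841,53 @@ hunk, the env_from description states two precedence rules back to back ('the value associated with the last source will take precedence' and 'Values defined by an Env with a duplicate key will take precedence') without tying them together. Spell out that an env entry with the same key overrides every env_from source, since that ordering decides which ConfigMap or Secret value the container actually sees. Also 'An optional identifer' should be 'identifier', and 'the Secret or it's key' should be 'its key'.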
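Review bot: In the @@ -987,8 +1964,7 @@ hunk, port changes from 'type: complex' with 'contains: {}' to 'type: str' while the description still says 'Name or number of the port', so a numeric port is now documented as a string. Say in the description how a number is represented in the returned value; otherwise callers cannot tell whether to compare against an integer or a string. The same substitution is applied to the other port keys and to divisor in the neighbouring hunks, so one wording fix should cover them all.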
@@ -1000,13 +1976,17 @@ job: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is terminated. @@ -1069,8 +2049,7 @@ job: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1082,13 +2061,17 @@ job: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be restarted @@ -1152,8 +2135,7 @@ job: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1181,13 +2163,17 @@ job: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults 
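Review bot: In the @@ -1181,13 +2163,17 @@ hunk, tcp_socket gains a host key ('Optional: Host name to connect to, defaults to the pod IP.') while the unchanged context line for tcp_socket still reads 'TCP hooks not yet supported', so a reader cannot tell whether setting host has any effect. Either drop the 'not yet supported' sentence or state that host is accepted but ignored. Because host lets the check target something other than the pod IP, the description should also say where the connection originates.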
@@ -1299,8 +2285,7 @@ job: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1328,13 +2313,17 @@ job: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -1350,7 +2339,7 @@ job: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -1358,10 +2347,10 @@ job: to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
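Review bot: In the @@ -1358,10 +2347,10 @@ hunk, the new security_context description ends in a dangling 'More info:' with nothing after it. Restore the reference that belongs there or keep the previous wording, 'Security options the pod should run with.'; this is the field whose children include capabilities, so a truncated pointer is the wrong place to lose the link.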
@@ -1462,7 +2451,20 @@ job: \ termination message will be written is mounted into the\ \ container's filesystem. Message written is intended to be\ \ brief final status, such as an assertion failure message.\ - \ Defaults to /dev/termination-log. Cannot be updated." + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: str tty: description: @@ -1502,9 +2504,27 @@ job: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have + DNS options set along with hostNetwork, you have to specify DNS + policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be + injected into the pod's hosts file if specified. This is only + valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
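Review bot: In the @@ -1502,9 +2504,27 @@ hunk, the hostnames description under host_aliases says 'Hostnames for the above IP address.', but in this layout ip is listed after hostnames, so 'above' points at nothing. Reword it to refer to the ip key by name. In the same hunk host_aliases is documented as 'only valid for non-hostNetwork pods' while dns_policy now offers 'ClusterFirstWithHostNet'; it would help to say what happens to host_aliases when hostNetwork is set (rejected or silently ignored).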
@@ -1537,6 +2557,805 @@ job: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init containers + are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and + is handled according to its restartPolicy. The name for an init + container or normal container must be unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container + are taken into account during scheduling by finding the highest + request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are + applied to init containers in a similar fashion. Init containers + cannot currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is used\ + \ if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a variable\ + \ cannot be resolved, the reference in the input string will\ + \ be unchanged. The $(VAR_NAME) syntax can be escaped with\ + \ a double $$, ie: $$(VAR_NAME). Escaped references will never\ + \ be expanded, regardless of whether the variable exists or\ + \ not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided. Variable\ + \ references $(VAR_NAME) are expanded using the container's\ + \ environment. If a variable cannot be resolved, the reference\ + \ in the input string will be unchanged. The $(VAR_NAME) syntax\ + \ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. Cannot be updated." 
+ type: list + contains: str + env: + description: + - List of environment variables to set in the container. Cannot + be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using the + previous defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot be + used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API + version. + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must be + a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. 
Defaults + to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container is created. + If the handler fails, the container is terminated and + restarted according to its restart policy. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is terminated. + The container is terminated after the handler completes. + The reason for termination is passed to the handler. Regardless + of the outcome of the handler, the container is eventually + terminated. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be restarted + if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be updated. 
+ type: str + ports: + description: + - List of ports to expose from the container. Exposing a port + here gives the system additional information about the network + connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from + being exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible from + the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. This + must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, this + must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have a unique + name. Name for the port that can be referred to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container will + be removed from service endpoints if the probe fails. Cannot + be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. 
Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. 
Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to + an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. + Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. + type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, + no such validation will be performed. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. If + unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the container. + type: str + role: + description: + - Role is a SELinux role label that applies to the container. + type: str + type: + description: + - Type is a SELinux type label that applies to the container. + type: str + user: + description: + - User is a SELinux user label that applies to the container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from stdin + in the container will always result in EOF. Default is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. When stdin is + true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client attaches + to stdin, and then remains open and accepts data until the + client disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag is false, + a container processes that reads from stdin will never receive + an EOF. 
Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into the\ + \ container's filesystem. Message written is intended to be\ + \ brief final status, such as an assertion failure message.\ + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, also + requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. Cannot + be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should be + mounted. Must not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's volume + should be mounted. Defaults to "" (volume's root). + type: str + working_dir: + description: + - Container's working directory. 
If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific node. @@ -1555,6 +3374,11 @@ job: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
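Review bot: in the container block that ends just before `node_name`, the `security_context` description stops at 'More info:' with nothing after the colon. Either restore the link or drop the trailing phrase, since this is the block that documents `privileged`, `capabilities` and `run_as_non_root`. In the same block, `readiness_probe.initial_delay_seconds` reads 'before liveness probes are initiated', which looks copied from the liveness text; 'readiness probes' would match the field it documents. There is also a small grammar slip in `stdin_once`: 'a container processes that reads from stdin'.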
@@ -1651,6 +3475,46 @@ job: longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means match + all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. Valid + operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it is not set, which + means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by + the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If the + operator is Exists, the value should be empty, otherwise just + a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging to 
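Review bot: the top-level `tolerations` description is only 'If specified, the pod's tolerations.', while the wildcard behaviour is spread across the child fields: an empty `key` with operator `Exists` matches all keys and values, and an empty `effect` matches all taint effects. Suggest saying in the top-level description that such an entry tolerates every taint, so someone reviewing returned pod specs knows what to look for. The allowed values for `effect` and `operator` are also given only in prose; if the doc format has a way to list them, use it.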
@@ -1714,6 +3578,13 @@ job: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed availability + set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will force @@ -1823,9 +3694,9 @@ job: the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in - the ConfigMap, the volume setup will error. Paths must - be relative and may not contain the '..' path or start - with '..'. + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. type: list contains: key: @@ -1851,6 +3722,10 @@ job: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that should @@ -1919,8 +3794,7 @@ job: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
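Review bot: in the `kind` description added by the `@@ -1714,6 +3578,13 @@` hunk, 'mulitple' should be 'multiple', and the three values run together with no separators ('Shared: ... Dedicated: ... Managed: ...'), ending in 'defaults to shared' in lower case although the value is written 'Shared'. Suggest one sentence per value and a consistent spelling of the default.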
@@ -1937,6 +3811,15 @@ job: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified here and + the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached to @@ -2111,6 +3994,14 @@ job: a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -2131,11 +4022,27 @@ job: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or + ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port 
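Review bot: in the `@@ -2131,11 +4022,27 @@` hunk, `secret_ref` is described only as 'CHAP secret for iSCSI target and initiator authentication' and does not refer to the `chap_auth_discovery` and `chap_auth_session` booleans added in the previous hunk, so the text does not say what to expect when a flag is true and no secret is referenced. Suggest cross-referencing the three fields. The `portals` description repeats the 'IP or ip_addr:port' wording of `target_portal` without saying how the two fields relate.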
@@ -2197,6 +4104,209 @@ job: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted + on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and downward + API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must be + a value between 0 and 0777. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must + be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only + annotations, labels, name and namespace are + supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not be absolute\ + \ or contain the '..' path. Must be utf-8\ + \ encoded. 
The first item of the relative\ + \ path must not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only + resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the Secret, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must be + defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
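Review bot: in the `projected` block of this hunk, `default_mode` and each `mode` are typed `int` but documented as 'a value between 0 and 0777', which does not say whether a consumer should expect octal or decimal; 0777 octal is 511 decimal, and a returned integer will normally print as decimal. Since these bits control who can read projected Secret files, suggest stating the base explicitly. Minor: the ConfigMap `optional` text has 'it's keys' while the Secret one has 'its key'; pick one wording ('its keys').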
@@ -2279,6 +4389,67 @@ job: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and + mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage + (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and + other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick + or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
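Review bot: `ssl_enabled` is documented as 'Flag to enable/disable SSL communication with Gateway, default false', next to a `secret_ref` that holds the 'ScaleIO user and other sensitive information'. The description should state plainly that the default leaves communication with the gateway without SSL, so a reader of the returned spec can tell an unset value from a deliberate choice. Also, 'SecretRef references to the secret' reads better as 'SecretRef references the secret'.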
@@ -2301,8 +4472,9 @@ job: If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, - the volume setup will error. Paths must be relative and - may not contain the '..' path or start with '..'. + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. type: list contains: key: 
@@ -2324,10 +4496,58 @@ job: not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the + StorageOS API credentials. If not specified, default values + will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within + StorageOS. If no namespace is specified then the Pod's + namespace will be used. This allows the Kubernetes name + scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and mounted 
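Review bot: the `storageos` `secret_ref` description says 'If not specified, default values will be attempted' without saying what those defaults are or where they come from; for a field that supplies API credentials that deserves one more sentence or a pointer to where the defaults are defined. In `volume_namespace`, 'Set VolumeName to any name to override the default behaviour' appears to refer to the wrong field and is hard to follow as written. Minor: the Secret `optional` text at the top of the hunk has 'it's keys' for 'its keys'.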
@@ -2340,30 +4560,38 @@ job: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk type: str status: description: - - Status is a structure describing current status of a job. + - Current status of a job. type: complex contains: active: description: - - Active is the number of actively running pods. + - The number of actively running pods. type: int completion_time: description: - - CompletionTime represents time when the job was completed. It is not guaranteed - to be set in happens-before order across separate operations. It is represented + - Represents time when the job was completed. It is not guaranteed to be + set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC. type: complex contains: {} conditions: description: - - Conditions represent the latest available observations of an object's - current state. + - The latest available observations of an object's current state. type: list contains: last_probe_time: 
@@ -2394,18 +4622,18 @@ job: type: str failed: description: - - Failed is the number of pods which reached Phase Failed. + - The number of pods which reached phase Failed. type: int start_time: description: - - StartTime represents time when the job was acknowledged by the Job Manager. - It is not guaranteed to be set in happens-before order across separate - operations. It is represented in RFC3339 form and is in UTC. + - Represents time when the job was acknowledged by the job controller. It + is not guaranteed to be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. type: complex contains: {} succeeded: description: - - Succeeded is the number of pods which reached Phase Succeeded. + - The number of pods which reached phase Succeeded. type: int ''' diff --git a/library/k8s_v1_job_list.py b/library/k8s_v1_job_list.py index a96cce82..26f8286f 100644 --- a/library/k8s_v1_job_list.py +++ b/library/k8s_v1_job_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' @@ -111,7 +107,7 @@ job_list: type: str items: description: - - Items is the list of Job. + - items is the list of Jobs. type: list contains: api_version: 
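Review bot: the `@@ -46,10 +46,6 @@` hunk in `library/k8s_v1_job_list.py` removes the `namespace` option from the documented options with no replacement text, and nothing in the visible lines says whether the module now always lists Jobs across all namespaces or takes the scope from somewhere else. Playbooks that pass `namespace` today need to know, and so does anyone sizing the credentials this module runs with. Suggest documenting the new scope in the module description. The following hunk also moves the exact pin from `kubernetes == 1.0.0` to `kubernetes == 3.0.0`; if an exact pin is required, a short comment on why a range will not do would help.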
@@ -210,6 +206,153 @@ job_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ job_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. @@ -287,7 +438,7 @@ job_list: type: str spec: description: - - Spec is a structure defining the expected behavior of a job. + - Specification of the desired behavior of a job. type: complex contains: active_deadline_seconds: 
@@ -298,16 +449,15 @@ job_list: type: int completions: description: - - Completions specifies the desired number of successfully finished - pods the job should be run with. Setting to nil means that the success - of any pod signals the success of all pods, and allows parallelism - to have any positive value. Setting to 1 means that parallelism is - limited to 1 and the success of that pod signals the success of the - job. + - Specifies the desired number of successfully finished pods the job + should be run with. Setting to nil means that the success of any pod + signals the success of all pods, and allows parallelism to have any + positive value. Setting to 1 means that parallelism is limited to + 1 and the success of that pod signals the success of the job. type: int manual_selector: description: - - ManualSelector controls generation of pod labels and pod selectors. + - manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible 
@@ -318,16 +468,16 @@ job_list: type: bool parallelism: description: - - Parallelism specifies the maximum desired number of pods the job should - run at any given time. The actual number of pods running in steady - state will be less than this number when ((.spec.completions - .status.successful) + - Specifies the maximum desired number of pods the job should run at + any given time. The actual number of pods running in steady state + will be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. type: int selector: description: - - Selector is a label query over pods that should match the pod count. - Normally, the system sets this field for you. + - A label query over pods that should match the pod count. Normally, + the system sets this field for you. type: complex contains: match_expressions: @@ -363,8 +513,7 @@ job_list: contains: str, str template: description: - - Template is the object that describes the pod that will be created - when executing a job. + - Describes the pod that will be created when executing a job. type: complex contains: metadata: 
@@ -458,6 +607,162 @@ job_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system + invariant at object creation time. This field is a list of + initializers that have not yet acted on this object. If nil + or empty, this object has been completely initialized. Otherwise, + the object is considered uninitialized and is hidden (in list/watch + and get calls) from clients that haven't explicitly asked + to observe uninitialized objects. When an object is created, + the system will populate this list with the current set of + initializers. Only privileged users may set or modify this + list. Once it is empty, it may not be modified further by + any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in + order before this object is visible. When the last pending + initializer is removed, and no failing result is set, + the initializers struct will be set to nil and the object + is considered as initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will + be persisted to storage and then deleted, ensuring that + other clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not + set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is + optional and the data returned is not guaranteed to + conform to any schema except that defined by the reason + type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused + this error, as named by its JSON serialization. + May include dot and postfix notation for nested + attributes. Arrays are zero-indexed. Fields + may appear more than once in an array of causes + due to fields having multiple errors. Optional. + Examples: "name" - the field "name" on the + current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause + of the error. This field may be presented + as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause + of the error. If this value is empty there + is no information available. + type: str + group: + description: + - The group attribute of the resource associated + with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated + with the status StatusReason. On some operations + may differ from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated + with the status StatusReason (when there is a + single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from + the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this + operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to + determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified + back to the server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation + is in the "Failure" status. If this value is empty + there is no information available. A Reason clarifies + an HTTP status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize @@ -496,6 +801,15 @@ job_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. Defaults to false. + To set this field, a user needs "delete" permission of + the owner, otherwise 422 (Unprocessable Entity) will be + returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -548,6 +862,510 @@ job_list: try to mark it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by + this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies + to. + type: str + operator: + description: + - Represents a key's relationship to a set + of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must + be non-empty. If the operator is Exists + or DoesNotExist, the values array must + be empty. If the operator is Gt or Lt, + the values array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. 
+ type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the + system may or may not try to eventually evict the + pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies + to. + type: str + operator: + description: + - Represents a key's relationship to a set + of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must + be non-empty. If the operator is Exists + or DoesNotExist, the values array must + be empty. If the operator is Gt or Lt, + the values array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by + this field, but it may choose a node that violates + one or more of the expressions. 
The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) with the + highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with + the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in + this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the + labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + For PreferredDuringScheduling pod anti-affinity, + empty topologyKey is interpreted as "all topologies" + ("all topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not + allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it + is implemented. If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system will try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must + be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some + other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by + iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches + the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. 
A pod affinity term, associated with + the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in + this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the + labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. 
+ For PreferredDuringScheduling pod anti-affinity, + empty topologyKey is interpreted as "all topologies" + ("all topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not + allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it + is implemented. If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this + field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system will + try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this + field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot @@ -621,11 +1439,17 @@ job_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key + must be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -655,8 +1479,7 @@ job_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -675,6 +1498,53 @@ job_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must + be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the + container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an + event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the + ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -753,8 +1623,7 @@ job_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. 
@@ -766,13 +1635,17 @@ job_list: port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is @@ -836,8 +1709,7 @@ job_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. @@ -849,13 +1721,17 @@ job_list: port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be @@ -920,8 +1796,7 @@ job_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -949,13 +1824,17 @@ job_list: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. 
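Review bot: the `host` added under `tcp_socket` sits directly below a parent description that still ends "TCP hooks not yet supported", so the page now documents a connection target for an action it says is unsupported, and in this hunk the action belongs to a probe rather than a hook. Clarify the parent description for the probe case, and say in the `host` text what values are acceptable besides the default pod IP, since setting it points the check at a host other than the pod.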
@@ -1071,8 +1950,7 @@ job_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1100,13 +1978,17 @@ job_list: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. @@ -1123,7 +2005,7 @@ job_list: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -1131,10 +2013,10 @@ job_list: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
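Review bot: the reworded `security_context` description ends with "More info:" and nothing after it, so the reference the sentence promises is missing. Restore the URL or drop the trailing "More info:" so that the field introducing `capabilities` and the options below it does not end in a dangling pointer.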
@@ -1240,8 +2122,21 @@ job_list: \ termination message will be written is mounted into\ \ the container's filesystem. Message written is intended\ \ to be brief final status, such as an assertion failure\ - \ message. Defaults to /dev/termination-log. Cannot be\ - \ updated." + \ message. Will be truncated by the node if greater than\ + \ 4096 bytes. The total message length across all containers\ + \ will be limited to 12kb. Defaults to /dev/termination-log.\ + \ Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to + populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. type: str tty: description: @@ -1282,9 +2177,27 @@ job_list: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To + have DNS options set along with hostNetwork, you have to specify + DNS policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will + be injected into the pod's hosts file if specified. This is + only valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
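Review bot: in `host_aliases`, `hostnames` is described as "Hostnames for the above IP address", but `ip` is listed after it in this document, so "above" points at nothing. Refer to the `ip` field by name instead. The `host_aliases` description also says it is "only valid for non-hostNetwork pods" without saying what happens when it is set on a hostNetwork pod; say whether the value is rejected or ignored.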
@@ -1318,6 +2231,825 @@ job_list: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init + containers are executed in order prior to containers being + started. If any init container fails, the pod is considered + to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be + unique among all containers. Init containers may not have + Lifecycle actions, Readiness probes, or Liveness probes. The + resourceRequirements of an init container are taken into account + during scheduling by finding the highest request/limit for + each resource type, and then using the max of of that value + or the sum of the normal containers. Limits are applied to + init containers in a similar fashion. Init containers cannot + currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is\ + \ used if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a\ + \ variable cannot be resolved, the reference in the input\ + \ string will be unchanged. The $(VAR_NAME) syntax can\ + \ be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided.\ + \ Variable references $(VAR_NAME) are expanded using the\ + \ container's environment. If a variable cannot be resolved,\ + \ the reference in the input string will be unchanged.\ + \ The $(VAR_NAME) syntax can be escaped with a double\ + \ $$, ie: $$(VAR_NAME). Escaped references will never\ + \ be expanded, regardless of whether the variable exists\ + \ or not. 
Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. + Cannot be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using + the previous defined environment variables in the + container and any service environment variables. If + a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot + be used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key + must be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently + supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must + be a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must + be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the + container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an + event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the + ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. 
+ Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container + is created. If the handler fails, the container is + terminated and restarted according to its restart + policy. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run + inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP + allows repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. 
+ type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is + terminated. The container is terminated after the + handler completes. The reason for termination is passed + to the handler. Regardless of the outcome of the handler, + the container is eventually terminated. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run + inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP + allows repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be + restarted if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started + before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be + updated. 
+ type: str + ports: + description: + - List of ports to expose from the container. Exposing a + port here gives the system additional information about + the network connections a container uses, but is primarily + informational. Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which is listening + on the default "0.0.0.0" address inside a container will + be accessible from the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If + HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have + a unique name. Name for the port that can be referred + to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to + "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. + Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. 
Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started + before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. 
Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be + updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted + by the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the + host. Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. + type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image + at runtime to ensure that it does not run as UID 0 + (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. 
+ type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate + a random SELinux context for each container. May also + be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the + container. + type: str + role: + description: + - Role is a SELinux role label that applies to the + container. + type: str + type: + description: + - Type is a SELinux type label that applies to the + container. + type: str + user: + description: + - User is a SELinux user label that applies to the + container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default + is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple + attach sessions. If stdinOnce is set to true, stdin is + opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If + this flag is false, a container processes that reads from + stdin will never receive an EOF. 
Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into\ + \ the container's filesystem. Message written is intended\ + \ to be brief final status, such as an assertion failure\ + \ message. Will be truncated by the node if greater than\ + \ 4096 bytes. The total message length across all containers\ + \ will be limited to 12kb. Defaults to /dev/termination-log.\ + \ Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to + populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, + also requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should + be mounted. Must not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's + root). + type: str + working_dir: + description: + - Container's working directory. 
If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific @@ -1336,6 +3068,11 @@ job_list: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
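Review bot: the `init_containers` description added in the `@@ -1318` hunk states "Init containers may not have Lifecycle actions, Readiness probes, or Liveness probes", yet the same hunk documents `lifecycle`, `liveness_probe` and `readiness_probe` in full beneath it. Mark those three as not applicable to init containers or leave them out, otherwise the page invites settings its own description says are not allowed. Separately, under `readiness_probe`, `initial_delay_seconds` says "before liveness probes are initiated" and `success_threshold` says "Must be 1 for liveness", which reads as text copied from `liveness_probe`.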
@@ -1434,6 +3171,46 @@ job_list: Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means + match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a + pod can tolerate all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If + the operator is Exists, the value should be empty, otherwise + just a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging 
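Review bot: `key` says "If the key is empty, operator must be Exists" while `operator` says "Defaults to Equal", so a toleration that omits both fields is invalid by these descriptions and nothing here says so. Add that constraint to the `operator` text. It is also worth stating in the `tolerations` description that an empty `key` with `Exists` plus an empty `effect` tolerates every taint, with no eviction when `toleration_seconds` is unset, since that is the broadest setting this block allows.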
@@ -1498,6 +3275,13 @@ job_list: "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will @@ -1610,8 +3394,9 @@ job_list: projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will - error. Paths must be relative and may not contain - the '..' path or start with '..'. + error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start + with '..'. type: list contains: key: @@ -1638,6 +3423,11 @@ job_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be + defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that @@ -1708,8 +3498,7 @@ job_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -1726,6 +3515,16 @@ job_list: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir + would be the minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. The default is nil which means that the + limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached 
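Review bot: `size_limit` is typed `str`, but the description gives neither the expected format nor the unit for the "Total amount of local storage", and "The default is nil" does not read naturally for a string field. State the accepted form of the value and describe the default as unset, meaning no limit is defined.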
@@ -1903,6 +3702,14 @@ job_list: to a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -1923,11 +3730,27 @@ job_list: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an + IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or 
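Review bot: chap_auth_discovery, chap_auth_session and secret_ref are documented in isolation, so the iscsi block does not say how they relate. The two booleans read 'whether support iSCSI Discovery CHAP authentication' / '... Session CHAP authentication', with no default and no mention that the credentials come from secret_ref. The secret_ref entry does not say what happens when a flag is true and no secret is referenced. Suggest rewording the booleans as 'Whether iSCSI discovery (session) CHAP authentication is used; requires secret_ref' and stating the default. In portals, 'an IP or ip_addr:port' should use the same wording as target_portal.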
@@ -1991,6 +3814,217 @@ job_list: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and + mounted on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to + be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and + downward API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must + be a value between 0 and 0777. Directories within + the path are not affected by this setting. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the + Data field of the referenced ConfigMap will + be projected into the volume as a file whose + name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, the + volume setup will error unless it is marked + optional. Paths must be relative and may not + contain the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the + key to. May not be an absolute path. May + not contain the path element '..'. May + not start with the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys + must be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: + only annotations, labels, name and namespace + are supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath + is written in terms of, defaults to + "v1". + type: str + field_path: + description: + - Path of the field to select in the + specified API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not\ + \ be absolute or contain the '..' path.\ + \ Must be utf-8 encoded. 
The first item\ + \ of the relative path must not start\ + \ with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the + exposed resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the + Data field of the referenced Secret will be + projected into the volume as a file whose + name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the + key to. May not be an absolute path. May + not contain the path element '..'. May + not start with the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must + be defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
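Review bot: default_mode and every per-item mode under projected are typed int and described as 'between 0 and 0777', which mixes an integer type with octal notation and does not say how a value written without the leading zero is read. Octal 0644 is decimal 420, so a playbook value of 644 is a different set of permission bits; for the secret source that decides who can read the projected secret files. Please state in these descriptions whether the value is the decimal integer or must be written in octal with a leading zero. Separately, the config_map optional text has 'it's keys' while the secret one in this same hunk has 'its key'; use 'its keys' in both.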
@@ -2074,6 +4108,68 @@ job_list: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type + supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured + storage (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user + and other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should + be thick or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
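Review bot: in the scale_io block, ssl_enabled is documented as 'default false' with no caveat, while secret_ref in the same block holds the 'ScaleIO user and other sensitive information' used to log in to gateway. The description should say that with the default the gateway connection is not protected by SSL, and that ssl_enabled should be set to true whenever secret_ref is used. It would also help to note in gateway whether the value is a bare host or a URL, since that is where a reader would expect the scheme to be chosen.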
@@ -2096,9 +4192,9 @@ job_list: is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is - not present in the Secret, the volume setup will error. - Paths must be relative and may not contain the '..' - path or start with '..'. + not present in the Secret, the volume setup will error + unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. type: list contains: key: 
@@ -2121,10 +4217,60 @@ job_list: path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type + supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then + the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name + to override the default behaviour. Set to "default" + if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and 
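Review bot: the storageos secret_ref description ends with 'If not specified, default values will be attempted', which documents a silent fallback to default API credentials without saying what they are or that relying on them is discouraged. Either name the fallback or say that secret_ref should always be set outside of test setups. In volume_namespace, 'Namespaces that do not pre-exist within StorageOS will be created' is a side effect worth moving to the start of the description, and 'Set VolumeName to any name to override the default behaviour' reads as if it refers to the wrong field. The optional entry added at the top of this hunk has 'it's keys' for 'its keys'.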
@@ -2138,30 +4284,38 @@ job_list: "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk type: str status: description: - - Status is a structure describing current status of a job. + - Current status of a job. type: complex contains: active: description: - - Active is the number of actively running pods. + - The number of actively running pods. type: int completion_time: description: - - CompletionTime represents time when the job was completed. It is not - guaranteed to be set in happens-before order across separate operations. - It is represented in RFC3339 form and is in UTC. + - Represents time when the job was completed. It is not guaranteed to + be set in happens-before order across separate operations. It is represented + in RFC3339 form and is in UTC. type: complex contains: {} conditions: description: - - Conditions represent the latest available observations of an object's - current state. + - The latest available observations of an object's current state. type: list contains: last_probe_time: 
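Review bot: completion_time keeps 'type: complex' with 'contains: {}' even though its reworded description says the value 'is represented in RFC3339 form and is in UTC', i.e. a string. The same patch changes divisor from 'type: complex / contains: {}' to 'type: str' elsewhere, so the timestamp fields (start_time in the next hunk has the same shape) look like they were missed. If they are left as complex on purpose, the description should say what the returned structure contains.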
@@ -2192,18 +4346,18 @@ job_list: type: str failed: description: - - Failed is the number of pods which reached Phase Failed. + - The number of pods which reached phase Failed. type: int start_time: description: - - StartTime represents time when the job was acknowledged by the Job - Manager. It is not guaranteed to be set in happens-before order across - separate operations. It is represented in RFC3339 form and is in UTC. + - Represents time when the job was acknowledged by the job controller. + It is not guaranteed to be set in happens-before order across separate + operations. It is represented in RFC3339 form and is in UTC. type: complex contains: {} succeeded: description: - - Succeeded is the number of pods which reached Phase Succeeded. + - The number of pods which reached phase Succeeded. type: int kind: description: @@ -2213,7 +4367,7 @@ job_list: type: str metadata: description: - - Standard list metadata + - Standard list metadata. type: complex contains: resource_version: diff --git a/library/k8s_v1_limit_range.py b/library/k8s_v1_limit_range.py index dcf9bb6c..150bc7ba 100644 --- a/library/k8s_v1_limit_range.py +++ b/library/k8s_v1_limit_range.py @@ -113,7 +113,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
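Review bot: the requirements line in k8s_v1_limit_range.py changes from 'kubernetes == 1.0.0' to 'kubernetes == 3.0.0', an exact pin that skips a major version, and the identical edit is repeated in each module file in this patch. Please say in the commit message why equality is required rather than a range, and whether anything checks the installed client version at runtime, since a host still on 1.0.0 would otherwise fail in ways the documentation does not predict. The EXAMPLES string visible in the context is still empty; with this many new return fields a single worked example per module would help.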
@@ -220,6 +220,150 @@ limit_range: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -255,6 +399,14 @@ limit_range: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -306,18 +458,18 @@ limit_range: - Default resource requirement limit value by resource name if resource limit is omitted. type: complex - contains: str, ResourceQuantity + contains: str, str default_request: description: - DefaultRequest is the default resource requirement request value by resource name if resource request is omitted. type: complex - contains: str, ResourceQuantity + contains: str, str max: description: - Max usage constraints on this kind by resource name. type: complex - contains: str, ResourceQuantity + contains: str, str max_limit_request_ratio: description: - MaxLimitRequestRatio if specified, the named resource must have a @@ -325,12 +477,12 @@ limit_range: is less than or equal to the enumerated value; this represents the max burst for the named resource. type: complex - contains: str, ResourceQuantity + contains: str, str min: description: - Min usage constraints on this kind by resource name. type: complex - contains: str, ResourceQuantity + contains: str, str type: description: - Type of resource that this limit applies to. diff --git a/library/k8s_v1_limit_range_list.py b/library/k8s_v1_limit_range_list.py index fad5d09e..948b3d1f 100644 --- a/library/k8s_v1_limit_range_list.py +++ b/library/k8s_v1_limit_range_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
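Review bot: in hunks @@ -306,18 +458,18 @@ and @@ -325,12 +477,12 @@ of k8s_v1_limit_range.py, replacing 'contains: str, ResourceQuantity' with 'contains: str, str' drops the only hint that default, default_request, max, max_limit_request_ratio and min hold resource quantities rather than free-form strings. None of the five descriptions mentions the format. If the type name has to go, add the format to each description, for example 'value is a quantity string such as 500m or 1Gi'.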
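Review bot: hunk @@ -46,10 +46,6 @@ of k8s_v1_limit_range_list.py removes the namespace option with no replacement and no note in the module description. Limit ranges are namespaced, so please confirm what the list module does now. If it always lists across all namespaces, the documentation should say so and state that the credentials need list permission cluster-wide, which is broader than before. If namespace scoping still works, the option should stay documented. The removed entry also lacked a 'type:' line, so if it is restored it should get one.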
@@ -210,6 +206,153 @@ limit_range_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ limit_range_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -300,18 +451,18 @@ limit_range_list: - Default resource requirement limit value by resource name if resource limit is omitted. type: complex - contains: str, ResourceQuantity + contains: str, str default_request: description: - DefaultRequest is the default resource requirement request value by resource name if resource request is omitted. type: complex - contains: str, ResourceQuantity + contains: str, str max: description: - Max usage constraints on this kind by resource name. type: complex - contains: str, ResourceQuantity + contains: str, str max_limit_request_ratio: description: - MaxLimitRequestRatio if specified, the named resource must have @@ -319,12 +470,12 @@ limit_range_list: by request is less than or equal to the enumerated value; this represents the max burst for the named resource. type: complex - contains: str, ResourceQuantity + contains: str, str min: description: - Min usage constraints on this kind by resource name. type: complex - contains: str, ResourceQuantity + contains: str, str type: description: - Type of resource that this limit applies to. diff --git a/library/k8s_v1_local_subject_access_review.py b/library/k8s_v1_local_subject_access_review.py new file mode 100644 index 00000000..89ffeeb2 --- /dev/null +++ b/library/k8s_v1_local_subject_access_review.py 
@@ -0,0 +1,600 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1_local_subject_access_review +short_description: Kubernetes LocalSubjectAccessReview +description: +- Manage the lifecycle of a local_subject_access_review object. Supports check mode, + and attempts to to be idempotent. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. They are + not queryable and should be preserved when modifying objects. + type: dict + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + labels: + description: + - Map of string keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers and services. 
+ type: dict + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation idempotence and + configuration definition. Cannot be updated. + namespace: + description: + - Namespace defines the space within each name must be unique. An empty namespace + is equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this + field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + spec_extra: + description: + - Extra corresponds to the user.Info.GetExtra() method from the authenticator. + Since that is input to the authorizer it needs a reflection here. + aliases: + - extra + type: dict + spec_groups: + description: + - Groups is the groups you're testing for. + aliases: + - groups + type: list + spec_non_resource_attributes_path: + description: + - Path is the URL path of the request + aliases: + - non_resource_attributes_path + spec_non_resource_attributes_verb: + description: + - Verb is the standard HTTP verb + aliases: + - non_resource_attributes_verb + spec_resource_attributes_group: + description: + - Group is the API Group of the Resource. "*" means all. + aliases: + - resource_attributes_group + spec_resource_attributes_name: + description: + - Name is the name of the resource being requested for a "get" or deleted for + a "delete". "" (empty) means all. + aliases: + - resource_attributes_name + spec_resource_attributes_namespace: + description: + - Namespace is the namespace of the action being requested. 
Currently, there is + no distinction between no namespace and all namespaces "" (empty) is defaulted + for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources + "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview + or SelfSubjectAccessReview + aliases: + - resource_attributes_namespace + spec_resource_attributes_resource: + description: + - Resource is one of the existing resource types. "*" means all. + aliases: + - resource_attributes_resource + spec_resource_attributes_subresource: + description: + - Subresource is one of the existing resource types. "" means none. + aliases: + - resource_attributes_subresource + spec_resource_attributes_verb: + description: + - 'Verb is a kubernetes resource API verb, like: get, list, watch, create, update, + delete, proxy. "*" means all.' + aliases: + - resource_attributes_verb + spec_resource_attributes_version: + description: + - Version is the API Version of the Resource. "*" means all. + aliases: + - resource_attributes_version + spec_user: + description: + - User is the user you're testing for. If you specify "User" but not "Groups", + then is it interpreted as "What if User were not a member of any groups + aliases: + - user + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +local_subject_access_review: + type: complex + returned: on success + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: [] + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used to distinguish + resources with same name and namespace in different clusters. This field + is not set anywhere right now and apiserver is going to ignore it if set + in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when this + object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null + for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate before + it will be removed from the system. Only set when deletionTimestamp is + also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource will + be deleted. This field is set by the server when a graceful deletion is + requested by the user, and is not directly settable by a client. The resource + is expected to be deleted (no longer visible from resource lists, and + not reachable by name) after the time in this field. 
Once set, this value + may not be unset or be set further into the future, although it may be + shortened or the resource may be deleted prior to this time. For example, + a user may request that a pod is deleted in 30 seconds. The Kubelet will + react by sending a graceful termination signal to the containers in the + pod. After that 30 seconds, the Kubelet will send a hard termination signal + (SIGKILL) to the container and after cleanup, remove the pod from the + API. In the presence of network partitions, this object may still exist + after this timestamp, until an administrator or automated process can + determine the resource is fully terminated. If not set, graceful deletion + of the object has not been requested. Populated by the system when a graceful + deletion is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each entry + is an identifier for the responsible component that will remove the entry + from the list. If the deletionTimestamp of the object is non-nil, entries + in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate a + unique name ONLY IF the Name field has not been provided. If this field + is used, the name returned to the client will be different than the name + passed. This value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and may be truncated + by the length of the suffix required to make the value unique on the server. + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with + Reason ServerTimeout indicating a unique name could not be found in the + time allotted, and the client should retry (optionally after the time + indicated in the Retry-After header). 
Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. 
Each reason may define + its own extended details. This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of + an appropriate name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" is the + canonical representation. Not all objects are required to be scoped to + a namespace - the value of this field for those objects will be empty. 
+ Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is + managed by a controller, then an entry in this list will point to this + controller, with the controller field set to true. There cannot be more + than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be + used for optimistic concurrency, change detection, and the watch operation + on a resource or set of resources. Clients must treat these values as + opaque and passed unmodified back to the server. They may only be valid + for a particular resource or set of resources. Populated by the system. + Read-only. Value must be treated as opaque by clients and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. 
It is typically + generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. Populated by the system. Read-only. + type: str + spec: + description: + - Spec holds information about the request being evaluated. spec.namespace must + be equal to the namespace you made the request against. If empty, it is defaulted. + type: complex + contains: + extra: + description: + - Extra corresponds to the user.Info.GetExtra() method from the authenticator. + Since that is input to the authorizer it needs a reflection here. + type: complex + contains: str, list[str] + groups: + description: + - Groups is the groups you're testing for. + type: list + contains: str + non_resource_attributes: + description: + - NonResourceAttributes describes information for a non-resource access + request + type: complex + contains: + path: + description: + - Path is the URL path of the request + type: str + verb: + description: + - Verb is the standard HTTP verb + type: str + resource_attributes: + description: + - ResourceAuthorizationAttributes describes information for a resource access + request + type: complex + contains: + group: + description: + - Group is the API Group of the Resource. "*" means all. + type: str + name: + description: + - Name is the name of the resource being requested for a "get" or deleted + for a "delete". "" (empty) means all. + type: str + namespace: + description: + - Namespace is the namespace of the action being requested. Currently, + there is no distinction between no namespace and all namespaces "" + (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty + for cluster-scoped resources "" (empty) means "all" for namespace + scoped resources from a SubjectAccessReview or SelfSubjectAccessReview + type: str + resource: + description: + - Resource is one of the existing resource types. "*" means all. + type: str + subresource: + description: + - Subresource is one of the existing resource types. 
"" means none. + type: str + verb: + description: + - 'Verb is a kubernetes resource API verb, like: get, list, watch, create, + update, delete, proxy. "*" means all.' + type: str + version: + description: + - Version is the API Version of the Resource. "*" means all. + type: str + user: + description: + - User is the user you're testing for. If you specify "User" but not "Groups", + then is it interpreted as "What if User were not a member of any groups + type: str + status: + description: + - Status is filled in by the server and indicates whether the request is allowed + or not + type: complex + contains: + allowed: + description: + - Allowed is required. True if the action would be allowed, false otherwise. + type: bool + evaluation_error: + description: + - EvaluationError is an indication that some error occurred during the authorization + check. It is entirely possible to get an error and be able to continue + determine authorization status in spite of it. For instance, RBAC can + be missing a role, but enough roles are still present and bound to reason + about the request. + type: str + reason: + description: + - Reason is optional. It indicates why a request was allowed or denied. + type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('local_subject_access_review', 'V1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1_namespace.py b/library/k8s_v1_namespace.py index 9d886b18..0a01fe3a 100644 --- a/library/k8s_v1_namespace.py +++ b/library/k8s_v1_namespace.py 
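Review bot: In main() of the new library/k8s_v1_local_subject_access_review.py, the first handler does `raise Exception(exc.message)` while the second uses `str(exc)`. Built-in exceptions have no `message` attribute on Python 3, so unless KubernetesAnsibleException defines one itself, a failed helper init surfaces as an AttributeError that hides the real connection or authentication error. Using `str(exc)` in both handlers keeps them consistent. In the DOCUMENTATION block, `force` refers to I(state) although this module documents no `state` option, the `spec_user` description ends on an unclosed quote, and EXAMPLES is empty. Since the result callers care about is `status.allowed` together with `status.evaluation_error`, one example that registers the output and reads both fields would show how the review is meant to be consumed.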
@@ -114,7 +114,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
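Review bot: The requirements entry in library/k8s_v1_namespace.py moves from `kubernetes == 1.0.0` to an exact pin on `kubernetes == 3.0.0`, and the same one-line change appears in the other module docstrings visible in this patch. If the modules only need 3.0.0 as a minimum, documenting a lower bound instead of `==` would let users pick up later client fixes. If the pin really is exact, please say so in the commit message, since this skips a major version and anyone installed against 1.0.0 has to upgrade the client in step with the modules.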
@@ -272,6 +272,150 @@ namespace: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -307,6 +451,14 @@ namespace: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_namespace_list.py b/library/k8s_v1_namespace_list.py index 19ed6ffa..bfb0a722 100644 --- a/library/k8s_v1_namespace_list.py +++ b/library/k8s_v1_namespace_list.py 
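Review bot: The added `initializers` description in the RETURN docs of library/k8s_v1_namespace.py says an uninitialized object is hidden from list/watch and get calls unless the client explicitly asks to observe it, but nothing in the added text says which of the two this module does. A reader cannot tell whether a namespace that is still pending initialization is returned or reported as missing, so a sentence stating the module's behaviour would help. Separately, the `causes.field` description runs its two examples together ('"name" - the field "name" on the current resource "items[0].name" - the field ...'); splitting them onto separate items would make them readable.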
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
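Review bot: The first hunk in library/k8s_v1_namespace_list.py removes the `namespace` option from the documented options without saying what happens to playbooks that still pass it. Namespaces are cluster-scoped, so dropping the option is reasonable, but please confirm the module's argument spec drops it as well and mention the removal in the changelog, so a task that still sets `namespace` fails with a clear error instead of appearing to scope the list.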
@@ -210,6 +206,153 @@ namespace_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ namespace_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_network_policy.py b/library/k8s_v1_network_policy.py new file mode 100644 index 00000000..ee7d7787 --- /dev/null +++ b/library/k8s_v1_network_policy.py 
@@ -0,0 +1,653 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1_network_policy +short_description: Kubernetes NetworkPolicy +description: +- Manage the lifecycle of a network_policy object. Supports check mode, and attempts + to to be idempotent. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. They are + not queryable and should be preserved when modifying objects. + type: dict + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + labels: + description: + - Map of string keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers and services. + type: dict + name: + description: + - Name must be unique within a namespace. 
Is required when creating resources, + although some resources may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation idempotence and + configuration definition. Cannot be updated. + namespace: + description: + - Namespace defines the space within each name must be unique. An empty namespace + is equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this + field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + spec_ingress: + description: + - List of ingress rules to be applied to the selected pods. Traffic is allowed + to a pod if there are no NetworkPolicies selecting the pod (and cluster policy + otherwise allows the traffic), OR if the traffic source is the pod's local node, + OR if the traffic matches at least one ingress rule across all of the NetworkPolicy + objects whose podSelector matches the pod. If this field is empty then this + NetworkPolicy does not allow any traffic (and serves solely to ensure that the + pods it selects are isolated by default) + aliases: + - ingress + type: list + spec_pod_selector_match_expressions: + description: + - matchExpressions is a list of label selector requirements. The requirements + are ANDed. + aliases: + - pod_selector_match_expressions + type: list + spec_pod_selector_match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only "value". 
The requirements + are ANDed. + aliases: + - pod_selector_match_labels + type: dict + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). + type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +network_policy: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. 
+ type: str + metadata: + description: + - Standard object's metadata. + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used to distinguish + resources with same name and namespace in different clusters. This field + is not set anywhere right now and apiserver is going to ignore it if set + in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when this + object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null + for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate before + it will be removed from the system. Only set when deletionTimestamp is + also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource will + be deleted. This field is set by the server when a graceful deletion is + requested by the user, and is not directly settable by a client. The resource + is expected to be deleted (no longer visible from resource lists, and + not reachable by name) after the time in this field. Once set, this value + may not be unset or be set further into the future, although it may be + shortened or the resource may be deleted prior to this time. For example, + a user may request that a pod is deleted in 30 seconds. 
The Kubelet will + react by sending a graceful termination signal to the containers in the + pod. After that 30 seconds, the Kubelet will send a hard termination signal + (SIGKILL) to the container and after cleanup, remove the pod from the + API. In the presence of network partitions, this object may still exist + after this timestamp, until an administrator or automated process can + determine the resource is fully terminated. If not set, graceful deletion + of the object has not been requested. Populated by the system when a graceful + deletion is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each entry + is an identifier for the responsible component that will remove the entry + from the list. If the deletionTimestamp of the object is non-nil, entries + in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate a + unique name ONLY IF the Name field has not been provided. If this field + is used, the name returned to the client will be different than the name + passed. This value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and may be truncated + by the length of the suffix required to make the value unique on the server. + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with + Reason ServerTimeout indicating a unique name could not be found in the + time allotted, and the client should retry (optionally after the time + indicated in the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. 
+ type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. 
+ type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
+ type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of + an appropriate name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" is the + canonical representation. Not all objects are required to be scoped to + a namespace - the value of this field for those objects will be empty. + Must be a DNS_LABEL. Cannot be updated. 
+ type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is + managed by a controller, then an entry in this list will point to this + controller, with the controller field set to true. There cannot be more + than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be + used for optimistic concurrency, change detection, and the watch operation + on a resource or set of resources. Clients must treat these values as + opaque and passed unmodified back to the server. They may only be valid + for a particular resource or set of resources. Populated by the system. + Read-only. Value must be treated as opaque by clients and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. 
It is typically + generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. Populated by the system. Read-only. + type: str + spec: + description: + - Specification of the desired behavior for this NetworkPolicy. + type: complex + contains: + ingress: + description: + - List of ingress rules to be applied to the selected pods. Traffic is allowed + to a pod if there are no NetworkPolicies selecting the pod (and cluster + policy otherwise allows the traffic), OR if the traffic source is the + pod's local node, OR if the traffic matches at least one ingress rule + across all of the NetworkPolicy objects whose podSelector matches the + pod. If this field is empty then this NetworkPolicy does not allow any + traffic (and serves solely to ensure that the pods it selects are isolated + by default) + type: list + contains: + _from: + description: + - List of sources which should be able to access the pods selected for + this rule. Items in this list are combined using a logical OR operation. + If this field is empty or missing, this rule matches all sources (traffic + not restricted by source). If this field is present and contains at + least on item, this rule allows traffic only if the traffic matches + at least one item in the from list. + type: list + contains: + namespace_selector: + description: + - Selects Namespaces using cluster scoped-labels. This matches all + pods in all namespaces selected by this label selector. This field + follows standard label selector semantics. If present but empty, + this selector selects all namespaces. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies to. + type: str + operator: + description: + - operator represents a key's relationship to a set of values. 
+ Valid operators ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the operator is + In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values + array contains only "value". The requirements are ANDed. + type: complex + contains: str, str + pod_selector: + description: + - This is a label selector which selects Pods in this namespace. + This field follows standard label selector semantics. If present + but empty, this selector selects all pods in this namespace. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies to. + type: str + operator: + description: + - operator represents a key's relationship to a set of values. + Valid operators ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the operator is + In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values + array contains only "value". The requirements are ANDed. 
+ type: complex + contains: str, str + ports: + description: + - List of ports which should be made accessible on the pods selected + for this rule. Each item in this list is combined using a logical + OR. If this field is empty or missing, this rule matches all ports + (traffic not restricted by port). If this field is present and contains + at least one item, then this rule allows traffic only if the traffic + matches at least one port in the list. + type: list + contains: + port: + description: + - The port on the given protocol. This can either be a numerical + or named port on a pod. If this field is not provided, this matches + all port names and numbers. + type: str + protocol: + description: + - The protocol (TCP or UDP) which traffic must match. If not specified, + this field defaults to TCP. + type: str + pod_selector: + description: + - Selects the pods to which this NetworkPolicy object applies. The array + of ingress rules is applied to any pods selected by this field. Multiple + network policies can select the same set of pods. In this case, the ingress + rules for each are combined additively. This field is NOT optional and + follows standard label selector semantics. An empty podSelector matches + all pods in this namespace. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. The requirements + are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies to. + type: str + operator: + description: + - operator represents a key's relationship to a set of values. Valid + operators ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the operator is In or + NotIn, the values array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must be empty. This array + is replaced during a strategic merge patch. 
+ type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single {key,value} in + the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: complex + contains: str, str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('network_policy', 'V1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1_network_policy_list.py b/library/k8s_v1_network_policy_list.py new file mode 100644 index 00000000..a961ec93 --- /dev/null +++ b/library/k8s_v1_network_policy_list.py 
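Review bot: in main() of library/k8s_v1_network_policy.py, the init failure path does `raise Exception(exc.message)` while the execute path just below it uses `str(exc)`. On Python 3 an exception has no `.message` attribute unless KubernetesAnsibleException defines one, so a failed helper init can surface as an AttributeError that hides the real cause (bad kubeconfig, certificate or credential problem). Use `str(exc)` in both places, or re-raise the original exception so its type and traceback are kept. In the DOCUMENTATION block, verify_ssl has no documented default even though debug and force do, and api_key and password carry no type. Since debug writes to KubeObjHelper.log, please state the verify_ssl default and confirm in k8s_common that both secrets are marked no_log. EXAMPLES is empty: one task showing spec_pod_selector_match_labels with an empty spec_ingress (the isolate-by-default case the option text describes) would make the semantics clear to users. Typos to fix in whatever generates these strings: "attempts to to be", "will updated", "acessing", "operators ard".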
@@ -0,0 +1,650 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1_network_policy_list +short_description: Kubernetes NetworkPolicyList +description: +- Retrieve a list of network_policys. List operations provide a snapshot read of the + underlying objects, returning a resource_version representing a consistent version + of the listed objects. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). 
+ type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +network_policy_list: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + items: + description: + - Items is a list of schema objects. + type: list + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, + and may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. 
+ Cannot be updated. In CamelCase. + type: str + metadata: + description: + - Standard object's metadata. + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource + that may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when modifying + objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used + to distinguish resources with same name and namespace in different + clusters. This field is not set anywhere right now and apiserver is + going to ignore it if set in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. + It is represented in RFC3339 form and is in UTC. Populated by the + system. Read-only. Null for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate + before it will be removed from the system. Only set when deletionTimestamp + is also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource + will be deleted. This field is set by the server when a graceful deletion + is requested by the user, and is not directly settable by a client. + The resource is expected to be deleted (no longer visible from resource + lists, and not reachable by name) after the time in this field. Once + set, this value may not be unset or be set further into the future, + although it may be shortened or the resource may be deleted prior + to this time. 
For example, a user may request that a pod is deleted + in 30 seconds. The Kubelet will react by sending a graceful termination + signal to the containers in the pod. After that 30 seconds, the Kubelet + will send a hard termination signal (SIGKILL) to the container and + after cleanup, remove the pod from the API. In the presence of network + partitions, this object may still exist after this timestamp, until + an administrator or automated process can determine the resource is + fully terminated. If not set, graceful deletion of the object has + not been requested. Populated by the system when a graceful deletion + is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each + entry is an identifier for the responsible component that will remove + the entry from the list. If the deletionTimestamp of the object is + non-nil, entries in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate + a unique name ONLY IF the Name field has not been provided. If this + field is used, the name returned to the client will be different than + the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make + the value unique on the server. If this field is specified and the + generated name exists, the server will NOT return a 409 - instead, + it will either return 201 Created or 500 with Reason ServerTimeout + indicating a unique name could not be found in the time allotted, + and the client should retry (optionally after the time indicated in + the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired + state. 
Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating + resources, although some resources may allow a client to request the + generation of an appropriate name automatically. Name is primarily + intended for creation idempotence and configuration definition. Cannot + be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" + is the canonical representation. Not all objects are required to be + scoped to a namespace - the value of this field for those objects + will be empty. 
Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list + have been deleted, this object will be garbage collected. If this + object is managed by a controller, then an entry in this list will + point to this controller, with the controller field set to true. There + cannot be more than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object + that can be used by clients to determine when objects have changed. + May be used for optimistic concurrency, change detection, and the + watch operation on a resource or set of resources. Clients must treat + these values as opaque and passed unmodified back to the server. They + may only be valid for a particular resource or set of resources. Populated + by the system. Read-only. Value must be treated as opaque by clients + and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. + Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. 
It is typically + generated by the server on successful creation of a resource and is + not allowed to change on PUT operations. Populated by the system. + Read-only. + type: str + spec: + description: + - Specification of the desired behavior for this NetworkPolicy. + type: complex + contains: + ingress: + description: + - List of ingress rules to be applied to the selected pods. Traffic + is allowed to a pod if there are no NetworkPolicies selecting the + pod (and cluster policy otherwise allows the traffic), OR if the traffic + source is the pod's local node, OR if the traffic matches at least + one ingress rule across all of the NetworkPolicy objects whose podSelector + matches the pod. If this field is empty then this NetworkPolicy does + not allow any traffic (and serves solely to ensure that the pods it + selects are isolated by default) + type: list + contains: + _from: + description: + - List of sources which should be able to access the pods selected + for this rule. Items in this list are combined using a logical + OR operation. If this field is empty or missing, this rule matches + all sources (traffic not restricted by source). If this field + is present and contains at least on item, this rule allows traffic + only if the traffic matches at least one item in the from list. + type: list + contains: + namespace_selector: + description: + - Selects Namespaces using cluster scoped-labels. This matches + all pods in all namespaces selected by this label selector. + This field follows standard label selector semantics. If present + but empty, this selector selects all namespaces. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies to. + type: str + operator: + description: + - operator represents a key's relationship to a set + of values. 
Valid operators ard In, NotIn, Exists and + DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during + a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of + matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The + requirements are ANDed. + type: complex + contains: str, str + pod_selector: + description: + - This is a label selector which selects Pods in this namespace. + This field follows standard label selector semantics. If present + but empty, this selector selects all pods in this namespace. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies to. + type: str + operator: + description: + - operator represents a key's relationship to a set + of values. Valid operators ard In, NotIn, Exists and + DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during + a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of + matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The + requirements are ANDed. 
+ type: complex + contains: str, str + ports: + description: + - List of ports which should be made accessible on the pods selected + for this rule. Each item in this list is combined using a logical + OR. If this field is empty or missing, this rule matches all ports + (traffic not restricted by port). If this field is present and + contains at least one item, then this rule allows traffic only + if the traffic matches at least one port in the list. + type: list + contains: + port: + description: + - The port on the given protocol. This can either be a numerical + or named port on a pod. If this field is not provided, this + matches all port names and numbers. + type: str + protocol: + description: + - The protocol (TCP or UDP) which traffic must match. If not + specified, this field defaults to TCP. + type: str + pod_selector: + description: + - Selects the pods to which this NetworkPolicy object applies. The array + of ingress rules is applied to any pods selected by this field. Multiple + network policies can select the same set of pods. In this case, the + ingress rules for each are combined additively. This field is NOT + optional and follows standard label selector semantics. An empty podSelector + matches all pods in this namespace. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. The + requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies to. + type: str + operator: + description: + - operator represents a key's relationship to a set of values. + Valid operators ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the operator is In + or NotIn, the values array must be non-empty. If the operator + is Exists or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge patch. 
+ type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values + array contains only "value". The requirements are ANDed. + type: complex + contains: str, str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this object that + can be used by clients to determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified back to the server. + Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('network_policy_list', 'V1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1_node.py b/library/k8s_v1_node.py index cb9bedf4..5e2b084f 100644 --- a/library/k8s_v1_node.py +++ b/library/k8s_v1_node.py 
@@ -92,6 +92,12 @@ options: - 'ID of the node assigned by the cloud provider in the format: ://' aliases: - provider_id + spec_taints: + description: + - If specified, the node's taints. + aliases: + - taints + type: list spec_unschedulable: description: - Unschedulable controls node schedulability of new pods. By default, node is @@ -130,7 +136,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
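Review bot: The new `spec_taints` option in k8s_v1_node.py (hunk @@ -92,6 +92,12 @@) is documented only as "If specified, the node's taints." with `type: list`, so a playbook author cannot tell what each list item has to contain. The return documentation added later in this same file marks `effect`, `key` and `value` as Required and names the valid effects (NoSchedule, PreferNoSchedule, NoExecute). Repeat that item structure in the option description so the input side is usable without reading the return block.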
@@ -237,6 +243,150 @@ node: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -272,6 +422,14 @@ node: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. @@ -310,7 +468,7 @@ node: type: str spec: description: - - Spec defines the behavior of a node. http://releases.k8s.io/HEAD/docs/devel/api-conventions.md + - Spec defines the behavior of a node. type: complex contains: external_id: 
@@ -326,6 +484,30 @@ node: description: - 'ID of the node assigned by the cloud provider in the format: ://' type: str + taints: + description: + - If specified, the node's taints. + type: list + contains: + effect: + description: + - Required. The effect of the taint on pods that do not tolerate the + taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: str + key: + description: + - Required. The taint key to be applied to a node. + type: str + time_added: + description: + - TimeAdded represents the time at which the taint was added. It is + only written for NoExecute taints. + type: complex + contains: {} + value: + description: + - Required. The taint value corresponding to the taint key. + type: str unschedulable: description: - Unschedulable controls node schedulability of new pods. By default, node @@ -355,12 +537,12 @@ node: - Allocatable represents the resources of a node that are available for scheduling. Defaults to Capacity. type: complex - contains: str, ResourceQuantity + contains: str, str capacity: description: - Capacity represents the total resources of a node. type: complex - contains: str, ResourceQuantity + contains: str, str conditions: description: - Conditions is an array of current observed node conditions. @@ -454,7 +636,7 @@ node: machine_id: description: - 'MachineID reported by the node. For unique machine identification - in the cluster this field is prefered. Learn more from man(5) machine-id: + in the cluster this field is preferred. Learn more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html' type: str operating_system: @@ -469,7 +651,7 @@ node: system_uuid: description: - SystemUUID reported by the node. For unique machine identification - MachineID is prefered. This field is specific to Red Hat hosts + MachineID is preferred. This field is specific to Red Hat hosts type: str phase: description: 
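Review bot: In the taints return documentation (hunk @@ -326,6 +484,30 @@ in k8s_v1_node.py), `time_added` is declared as `type: complex` with `contains: {}`, which tells the reader nothing about the shape of the value. The description says it is the time the taint was added, so document it as a timestamp and state the format the module returns, rather than an empty complex type. The same applies to the copy of this block in k8s_v1_node_list.py.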
diff --git a/library/k8s_v1_node_list.py b/library/k8s_v1_node_list.py index f38b8cca..9eca9eba 100644 --- a/library/k8s_v1_node_list.py +++ b/library/k8s_v1_node_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
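Review bot: Removing the `namespace` option from k8s_v1_node_list.py (hunk @@ -46,10 +46,6 @@) is a user-visible change, and it is not mirrored in k8s_v1_node.py, whose diff above has no hunk touching that part of the options. Nodes are cluster-scoped, so dropping the option makes sense, but the two node modules should agree. If the argument spec drops `namespace` along with the documentation, playbooks that still pass it will be rejected, so this needs a changelog entry or a deprecation period.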
@@ -210,6 +206,153 @@ node_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ node_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. @@ -287,7 +438,7 @@ node_list: type: str spec: description: - - Spec defines the behavior of a node. http://releases.k8s.io/HEAD/docs/devel/api-conventions.md + - Spec defines the behavior of a node. type: complex contains: external_id: 
@@ -303,6 +454,31 @@ node_list: description: - 'ID of the node assigned by the cloud provider in the format: ://' type: str + taints: + description: + - If specified, the node's taints. + type: list + contains: + effect: + description: + - Required. The effect of the taint on pods that do not tolerate + the taint. Valid effects are NoSchedule, PreferNoSchedule and + NoExecute. + type: str + key: + description: + - Required. The taint key to be applied to a node. + type: str + time_added: + description: + - TimeAdded represents the time at which the taint was added. It + is only written for NoExecute taints. + type: complex + contains: {} + value: + description: + - Required. The taint value corresponding to the taint key. + type: str unschedulable: description: - Unschedulable controls node schedulability of new pods. By default, @@ -332,12 +508,12 @@ node_list: - Allocatable represents the resources of a node that are available for scheduling. Defaults to Capacity. type: complex - contains: str, ResourceQuantity + contains: str, str capacity: description: - Capacity represents the total resources of a node. type: complex - contains: str, ResourceQuantity + contains: str, str conditions: description: - Conditions is an array of current observed node conditions. @@ -431,7 +607,7 @@ node_list: machine_id: description: - 'MachineID reported by the node. For unique machine identification - in the cluster this field is prefered. Learn more from man(5) + in the cluster this field is preferred. Learn more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html' type: str operating_system: @@ -446,7 +622,7 @@ node_list: system_uuid: description: - SystemUUID reported by the node. For unique machine identification - MachineID is prefered. This field is specific to Red Hat hosts + MachineID is preferred. This field is specific to Red Hat hosts type: str phase: description: 
diff --git a/library/k8s_v1_persistent_volume.py b/library/k8s_v1_persistent_volume.py index a9605849..774b1fd8 100644 --- a/library/k8s_v1_persistent_volume.py +++ b/library/k8s_v1_persistent_volume.py @@ -131,6 +131,13 @@ options: system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. aliases: - azure_disk_fs_type + spec_azure_disk_kind: + description: + - 'Expected values Shared: mulitple blob disks per storage account Dedicated: + single blob disk per storage account Managed: azure managed data disk (only + in managed availability set). defaults to shared' + aliases: + - azure_disk_kind spec_azure_disk_read_only: description: - Defaults to false (read/write). ReadOnly here will force the ReadOnly setting @@ -370,6 +377,18 @@ options: - Path of the directory on the host. aliases: - host_path_path + spec_iscsi_chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + aliases: + - iscsi_chap_auth_discovery + type: bool + spec_iscsi_chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + aliases: + - iscsi_chap_auth_session + type: bool spec_iscsi_fs_type: description: - 'Filesystem type of the volume that you want to mount. Tip: Ensure that the 
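Review bot: The two CHAP options added in hunk @@ -370,6 +377,18 @@, `spec_iscsi_chap_auth_discovery` and `spec_iscsi_chap_auth_session`, are described only as "whether support iSCSI ... CHAP authentication", with no stated default and no pointer to where the CHAP credentials come from. The next hunk adds `spec_iscsi_secret_ref_name`, described just as "Name of the referent."; if that secret is what carries the CHAP credentials, say so in all three descriptions. Otherwise a user can set the booleans to true without knowing a secret is also required.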
@@ -394,18 +413,36 @@ options: aliases: - iscsi_lun type: int + spec_iscsi_portals: + description: + - iSCSI target portal List. The portal is either an IP or ip_addr:port if the + port is other than default (typically TCP ports 860 and 3260). + aliases: + - iscsi_portals + type: list spec_iscsi_read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. aliases: - iscsi_read_only type: bool + spec_iscsi_secret_ref_name: + description: + - Name of the referent. + aliases: + - iscsi_secret_ref_name spec_iscsi_target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). aliases: - iscsi_target_portal + spec_local_path: + description: + - The full path to the volume on the node For alpha, this path must be a directory + Once block as a source is supported, then this path can point to a block device + aliases: + - local_path spec_nfs_path: description: - Path that is exported by the NFS server. @@ -441,6 +478,25 @@ options: - ID that identifies Photon Controller persistent disk aliases: - photon_persistent_disk_pd_id + spec_portworx_volume_fs_type: + description: + - FSType represents the filesystem type to mount Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + aliases: + - portworx_volume_fs_type + spec_portworx_volume_read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the ReadOnly setting + in VolumeMounts. + aliases: + - portworx_volume_read_only + type: bool + spec_portworx_volume_volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + aliases: + - portworx_volume_volume_id spec_quobyte_group: description: - Group to map volume access to Default is no group 
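Review bot: `spec_iscsi_portals` (hunk @@ -394,18 +413,36 @@) reuses the wording of the existing `spec_iscsi_target_portal` description without saying how the two options interact. State whether the list replaces the single target portal or is used in addition to it, and what happens when only one of them is set. In the same hunk, the `spec_local_path` description runs three sentences together without punctuation ("... on the node For alpha, ... a directory Once block ..."); split them so the alpha restriction to directories is readable.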
@@ -514,12 +570,154 @@ options: - The rados user name. Default is admin. aliases: - rbd_user + spec_scale_io_fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + aliases: + - scale_io_fs_type + spec_scale_io_gateway: + description: + - The host address of the ScaleIO API Gateway. + aliases: + - scale_io_gateway + spec_scale_io_protection_domain: + description: + - The name of the Protection Domain for the configured storage (defaults to "default"). + aliases: + - scale_io_protection_domain + spec_scale_io_read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the ReadOnly setting + in VolumeMounts. + aliases: + - scale_io_read_only + type: bool + spec_scale_io_secret_ref_name: + description: + - Name of the referent. + aliases: + - scale_io_secret_ref_name + spec_scale_io_ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, default false + aliases: + - scale_io_ssl_enabled + type: bool + spec_scale_io_storage_mode: + description: + - Indicates whether the storage for a volume should be thick or thin (defaults + to "thin"). + aliases: + - scale_io_storage_mode + spec_scale_io_storage_pool: + description: + - The Storage Pool associated with the protection domain (defaults to "default"). + aliases: + - scale_io_storage_pool + spec_scale_io_system: + description: + - The name of the storage system as configured in ScaleIO. + aliases: + - scale_io_system + spec_scale_io_volume_name: + description: + - The name of a volume already created in the ScaleIO system that is associated + with this volume source. + aliases: + - scale_io_volume_name + spec_storage_class_name: + description: + - Name of StorageClass to which this persistent volume belongs. Empty value means + that this volume does not belong to any StorageClass. 
+ aliases: + - storage_class_name + spec_storageos_fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + aliases: + - storageos_fs_type + spec_storageos_read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the ReadOnly setting + in VolumeMounts. + aliases: + - storageos_read_only + type: bool + spec_storageos_secret_ref_api_version: + description: + - API version of the referent. + aliases: + - storageos_secret_ref_api_version + spec_storageos_secret_ref_field_path: + description: + - 'If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers to the name + of the container that triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of an object.' + aliases: + - storageos_secret_ref_field_path + spec_storageos_secret_ref_kind: + description: + - Kind of the referent. + aliases: + - storageos_secret_ref_kind + spec_storageos_secret_ref_name: + description: + - Name of the referent. + aliases: + - storageos_secret_ref_name + spec_storageos_secret_ref_namespace: + description: + - Namespace of the referent. + aliases: + - storageos_secret_ref_namespace + spec_storageos_secret_ref_resource_version: + description: + - Specific resourceVersion to which this reference is made, if any. + aliases: + - storageos_secret_ref_resource_version + spec_storageos_secret_ref_uid: + description: + - UID of the referent. 
+ aliases: + - storageos_secret_ref_uid + spec_storageos_volume_name: + description: + - VolumeName is the human-readable name of the StorageOS volume. Volume names + are only unique within a namespace. + aliases: + - storageos_volume_name + spec_storageos_volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace + is specified then the Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName + to any name to override the default behaviour. Set to "default" if you are not + using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS + will be created. + aliases: + - storageos_volume_namespace spec_vsphere_volume_fs_type: description: - Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. aliases: - vsphere_volume_fs_type + spec_vsphere_volume_storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + aliases: + - vsphere_volume_storage_policy_id + spec_vsphere_volume_storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + aliases: + - vsphere_volume_storage_policy_name spec_vsphere_volume_volume_path: description: - Path that identifies vSphere volume vmdk @@ -556,7 +754,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -673,6 +871,150 @@ persistent_volume: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -708,6 +1050,14 @@ persistent_volume: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -808,6 +1158,12 @@ persistent_volume: host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage account Dedicated: + single blob disk per storage account Managed: azure managed data disk + (only in managed availability set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will force the ReadOnly @@ -836,7 +1192,7 @@ persistent_volume: description: - A description of the persistent volume's resources and capacity. type: complex - contains: str, ResourceQuantity + contains: str, str cephfs: description: - CephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -1089,6 +1445,14 @@ persistent_volume: host machine and then exposed to the pod. Provisioned by an admin. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. Tip: Ensure 
@@ -1109,16 +1473,42 @@ persistent_volume: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or ip_addr:port + if the port is other than default (typically TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). type: str + local: + description: + - Local represents directly-attached storage with node affinity + type: complex + contains: + path: + description: + - The full path to the volume on the node For alpha, this path must + be a directory Once block as a source is supported, then this path + can point to a block device + type: str nfs: description: - NFS represents an NFS mount on the host. Provisioned by an admin. 
@@ -1159,6 +1549,27 @@ persistent_volume: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted on kubelets + host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be a filesystem + type supported by the host operating system. Ex. "ext4", "xfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str quobyte: description: - Quobyte represents a Quobyte mount on the host that shares a pod's lifetime 
@@ -1237,6 +1648,144 @@ persistent_volume: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and mounted on + Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported by the + host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage (defaults + to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and other sensitive + information. If this is not provided, Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick or thin + (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain (defaults to + "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system that is + associated with this volume source. + type: str + storage_class_name: + description: + - Name of StorageClass to which this persistent volume belongs. Empty value + means that this volume does not belong to any StorageClass. 
+ type: str + storageos: + description: + - StorageOS represents a StorageOS volume that is attached to the kubelet's + host machine and mounted into the pod + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported by the + host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the StorageOS + API credentials. If not specified, default values will be attempted. + type: complex + contains: + api_version: + description: + - API version of the referent. + type: str + field_path: + description: + - 'If referring to a piece of an object instead of an entire object, + this string should contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For example, if the + object reference is to a container within a pod, this would take + on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some + well-defined way of referencing a part of an object.' + type: str + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + namespace: + description: + - Namespace of the referent. + type: str + resource_version: + description: + - Specific resourceVersion to which this reference is made, if any. + type: str + uid: + description: + - UID of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. 
+ type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within StorageOS. + If no namespace is specified then the Pod's namespace will be used. + This allows the Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using namespaces + within StorageOS. Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and mounted on kubelets @@ -1249,6 +1798,15 @@ persistent_volume: host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated with + the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk diff --git a/library/k8s_v1_persistent_volume_claim.py b/library/k8s_v1_persistent_volume_claim.py index 7a3315d9..7c710071 100644 --- a/library/k8s_v1_persistent_volume_claim.py +++ b/library/k8s_v1_persistent_volume_claim.py @@ -112,6 +112,11 @@ options: aliases: - selector_match_labels type: dict + spec_storage_class_name: + description: + - Name of the StorageClass required by the claim. + aliases: + - storage_class_name spec_volume_name: description: - VolumeName is the binding reference to the PersistentVolume backing this claim. @@ -148,7 +153,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -264,6 +269,150 @@ persistent_volume_claim: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -299,6 +448,14 @@ persistent_volume_claim: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -354,14 +511,14 @@ persistent_volume_claim: description: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str selector: description: - A label query over volumes to consider for binding. @@ -398,6 +555,10 @@ persistent_volume_claim: contains only "value". The requirements are ANDed. type: complex contains: str, str + storage_class_name: + description: + - Name of the StorageClass required by the claim. + type: str volume_name: description: - VolumeName is the binding reference to the PersistentVolume backing this @@ -419,7 +580,7 @@ persistent_volume_claim: description: - Represents the actual resources of the underlying volume. type: complex - contains: str, ResourceQuantity + contains: str, str phase: description: - Phase represents the current phase of PersistentVolumeClaim. diff --git a/library/k8s_v1_persistent_volume_claim_list.py b/library/k8s_v1_persistent_volume_claim_list.py index 74e09c61..31ead83b 100644 --- a/library/k8s_v1_persistent_volume_claim_list.py +++ b/library/k8s_v1_persistent_volume_claim_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). 
@@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -210,6 +206,153 @@ persistent_volume_claim_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ persistent_volume_claim_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -305,7 +456,7 @@ persistent_volume_claim_list: description: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources required. @@ -313,7 +464,7 @@ persistent_volume_claim_list: if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str selector: description: - A label query over volumes to consider for binding. @@ -350,6 +501,10 @@ persistent_volume_claim_list: array contains only "value". The requirements are ANDed. type: complex contains: str, str + storage_class_name: + description: + - Name of the StorageClass required by the claim. + type: str volume_name: description: - VolumeName is the binding reference to the PersistentVolume backing @@ -371,7 +526,7 @@ persistent_volume_claim_list: description: - Represents the actual resources of the underlying volume. type: complex - contains: str, ResourceQuantity + contains: str, str phase: description: - Phase represents the current phase of PersistentVolumeClaim. diff --git a/library/k8s_v1_persistent_volume_list.py b/library/k8s_v1_persistent_volume_list.py index af11f1f8..fc7f7071 100644 --- a/library/k8s_v1_persistent_volume_list.py +++ b/library/k8s_v1_persistent_volume_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). 
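Review bot: Removing the `namespace` option from the `k8s_v1_persistent_volume_list` options (the `-46,10 +46,6` hunk) is a breaking change for any playbook that still passes it, and nothing here records that. PersistentVolumes are cluster-scoped, so dropping the option is right; please confirm the module's argument spec drops it in the same change and add a porting note so callers see why the parameter is now rejected.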
@@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
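Review bot: The requirement line moves from `kubernetes == 1.0.0` to `kubernetes == 3.0.0` as an exact pin, which jumps two major versions and keeps users from picking up later client releases, security fixes included. If 3.0.0 is the only tested version, say so in the module notes; otherwise consider a bounded range, and check that the package's install requirements carry the same bump as this docstring.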
@@ -210,6 +206,153 @@ persistent_volume_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ persistent_volume_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -349,6 +500,13 @@ persistent_volume_list: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage account + Dedicated: single blob disk per storage account Managed: azure + managed data disk (only in managed availability set). defaults + to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will force the ReadOnly @@ -378,7 +536,7 @@ persistent_volume_list: description: - A description of the persistent volume's resources and capacity. type: complex - contains: str, ResourceQuantity + contains: str, str cephfs: description: - CephFS represents a Ceph FS mount on the host that shares a pod's @@ -633,6 +791,14 @@ persistent_volume_list: host machine and then exposed to the pod. Provisioned by an admin. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. Tip: Ensure 
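Review bot: In the `-633,6 +791,14` hunk the `chap_auth_discovery` and `chap_auth_session` descriptions ("whether support iSCSI ... CHAP authentication") are ungrammatical and leave it unclear whether true means CHAP is enabled or only supported. Please reword so the meaning of true is explicit, and point to the `secret_ref` field added later in this patch, so a reader auditing returned volumes can tell an authenticated iSCSI target from an unauthenticated one.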
@@ -653,17 +819,44 @@ persistent_volume_list: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or ip_addr:port + if the port is other than default (typically TCP ports 860 and + 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). type: str + local: + description: + - Local represents directly-attached storage with node affinity + type: complex + contains: + path: + description: + - The full path to the volume on the node For alpha, this path must + be a directory Once block as a source is supported, then this + path can point to a block device + type: str nfs: description: - NFS represents an NFS mount on the host. Provisioned by an admin. 
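Review bot: In the new `local.path` description the sentences run together without punctuation ("on the node For alpha, this path must be a directory Once block as a source is supported ..."), which makes the alpha-only directory restriction easy to misread. Please add the full stops, and in the `secret_ref` description state that the CHAP secret is referenced by `name` only, since that is the single sub-field documented here.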
@@ -704,6 +897,27 @@ persistent_volume_list: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted on + kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be a filesystem + type supported by the host operating system. Ex. "ext4", "xfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str quobyte: description: - Quobyte represents a Quobyte mount on the host that shares a pod's 
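Review bot: The `portworx_volume` descriptions need a copy-edit before merge: "kubelets host machine" should read "kubelet's host machine", and in `fs_type` a full stop is missing between "filesystem type to mount" and "Must be a filesystem type".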
@@ -784,6 +998,148 @@ persistent_volume_list: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage (defaults + to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation + will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, default + false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick or + thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain (defaults + to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system that + is associated with this volume source. + type: str + storage_class_name: + description: + - Name of StorageClass to which this persistent volume belongs. Empty + value means that this volume does not belong to any StorageClass. 
+ type: str + storageos: + description: + - StorageOS represents a StorageOS volume that is attached to the kubelet's + host machine and mounted into the pod + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the StorageOS + API credentials. If not specified, default values will be attempted. + type: complex + contains: + api_version: + description: + - API version of the referent. + type: str + field_path: + description: + - 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object.' + type: str + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + namespace: + description: + - Namespace of the referent. + type: str + resource_version: + description: + - Specific resourceVersion to which this reference is made, + if any. + type: str + uid: + description: + - UID of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS volume. + Volume names are only unique within a namespace. 
+ type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within StorageOS. + If no namespace is specified then the Pod's namespace will be + used. This allows the Kubernetes name scoping to be mirrored within + StorageOS for tighter integration. Set VolumeName to any name + to override the default behaviour. Set to "default" if you are + not using namespaces within StorageOS. Namespaces that do not + pre-exist within StorageOS will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and mounted on @@ -796,6 +1152,15 @@ persistent_volume_list: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated with + the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk diff --git a/library/k8s_v1_pod.py b/library/k8s_v1_pod.py index fe91de1b..1a28df67 100644 --- a/library/k8s_v1_pod.py +++ b/library/k8s_v1_pod.py 
@@ -84,6 +84,98 @@ options: aliases: - active_deadline_seconds type: int + spec_affinity_node_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_node_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms: + description: + - Required. A list of node selector terms. The terms are ORed. + aliases: + - affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms + type: list + spec_affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. 
+ aliases: + - affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' + aliases: + - affinity_pod_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the anti-affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' 
+ aliases: + - affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account token should + be automatically mounted. + aliases: + - automount_service_account_token + type: bool spec_containers: description: - List of containers belonging to the pod. Containers cannot currently be added @@ -93,10 +185,18 @@ options: type: list spec_dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' or 'Default'. - Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have DNS options + set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. aliases: - dns_policy + spec_host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be injected into + the pod's hosts file if specified. This is only valid for non-hostNetwork pods. + aliases: + - host_aliases + type: list spec_host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
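Review bot: `spec_dns_policy` in the `-93,10 +185,18` hunk now lists three accepted values in prose ('ClusterFirstWithHostNet', 'ClusterFirst', 'Default') but still documents no `type` or `choices`, so a typo in a playbook is only caught by the API server. Suggest adding `choices` with those three values; for `spec_host_aliases`, which follows it, the description should also say what each list element contains, since the entries end up in the pod's hosts file.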
@@ -132,6 +232,21 @@ options: aliases: - image_pull_secrets type: list + spec_init_containers: + description: + - List of initialization containers belonging to the pod. Init containers are + executed in order prior to containers being started. If any init container fails, + the pod is considered to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be unique among all + containers. Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container are taken + into account during scheduling by finding the highest request/limit for each + resource type, and then using the max of of that value or the sum of the normal + containers. Limits are applied to init containers in a similar fashion. Init + containers cannot currently be added or removed. Cannot be updated. + aliases: + - init_containers + type: list spec_node_name: description: - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, @@ -153,6 +268,12 @@ options: Never. Default to Always. aliases: - restart_policy + spec_scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. If not specified, + the pod will be dispatched by default scheduler. + aliases: + - scheduler_name spec_security_context_fs_group: description: - "A special supplemental group that applies to all containers in a pod. Some\ @@ -241,6 +362,12 @@ options: aliases: - termination_grace_period_seconds type: int + spec_tolerations: + description: + - If specified, the pod's tolerations. + aliases: + - tolerations + type: list spec_volumes: description: - List of volumes that can be mounted by containers belonging to the pod. @@ -278,7 +405,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -385,6 +512,150 @@ pod: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -420,6 +691,14 @@ pod: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -467,6 +746,460 @@ pod: to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node + that is most preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this + field and adding "weight" to the sum if the node matches the corresponding + matchExpressions; the node(s) with the highest sum are the most + preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. The requirements + are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator is In or + NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted + as an integer. 
This array is replaced during a strategic + merge patch. + type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field are not met + at scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to + be met at some point during pod execution (e.g. due to an update), + the system may or may not try to eventually evict the pod from + its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. The requirements + are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator is In or + NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted + as an integer. This array is replaced during a strategic + merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate this pod in + the same node, zone, etc. as some other pod(s)). 
+ type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node + that is most preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this + field and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with the + highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the corresponding + weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to a + set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the + values array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to + an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with key + topologyKey matches that of any node on which any of the + selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted as + "all topologies" ("all topologies" here means all the + topologyKeys indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. + If the affinity requirements specified by this field are not met + at scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to + be met at some point during pod execution (e.g. due to a pod label + update), the system will try to eventually evict the pod from + its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. 
RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are not met + at scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to + be met at some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the lists + of nodes corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies to. + type: str + operator: + description: + - operator represents a key's relationship to a set + of values. Valid operators ard In, NotIn, Exists and + DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during + a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of + matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The + requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector applies + to (matches against); null or empty list means "this pod's + namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector in + the specified namespaces, where co-located is defined as running + on a node whose value of the label with key topologyKey matches + that of any node on which any of the selected pods is running. + For PreferredDuringScheduling pod anti-affinity, empty topologyKey + is interpreted as "all topologies" ("all topologies" here + means all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid putting this + pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it + may choose a node that violates one or more of the expressions. + The node that is most preferred is the one with the greatest sum + of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node has pods + which matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the corresponding + weight. 
+ type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to a + set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the + values array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to + an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with key + topologyKey matches that of any node on which any of the + selected pods is running. 
For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted as + "all topologies" ("all topologies" here means all the + topologyKeys indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. + If the anti-affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled onto + the node. If the anti-affinity requirements specified by this + field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system will try to eventually + evict the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled onto + the node. If the anti-affinity requirements specified by this + field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies to. + type: str + operator: + description: + - operator represents a key's relationship to a set + of values. Valid operators ard In, NotIn, Exists and + DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during + a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of + matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The + requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector applies + to (matches against); null or empty list means "this pod's + namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector in + the specified namespaces, where co-located is defined as running + on a node whose value of the label with key topologyKey matches + that of any node on which any of the selected pods is running. + For PreferredDuringScheduling pod anti-affinity, empty topologyKey + is interpreted as "all topologies" ("all topologies" here + means all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account token + should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot currently be @@ -534,11 +1267,15 @@ pod: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, - status.podIP.' + status.hostIP, status.podIP.' type: complex contains: api_version: @@ -566,8 +1303,7 @@ pod: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
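Review bot: In the `@@ -467,6 +746,460 @@` hunk, the `required_during_scheduling_ignored_during_execution` descriptions under `pod_affinity` and `pod_anti_affinity` carry what looks like leftover upstream source into the user-facing docs. Each opens with "NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented.", embeds the Go declaration `RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm` with its struct tag, and then says both that the system "will try to eventually evict the pod" and that it "may or may not try". The first half appears to belong to the unimplemented field named in that declaration, so everything up to and including the struct tag should be dropped wherever these descriptions are produced. Two smaller points in the same hunk: "Valid operators ard In, NotIn" should read "are" in every `label_selector` copy, and `automount_service_account_token` does not say what happens when the field is left unset, which is the first thing a reader deciding whether a pod gets a service account token will want to know.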
@@ -586,6 +1322,51 @@ pod: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid + keys will be reported as an event when the container is starting. + When a key exists in multiple sources, the value associated with the + last source will take precedence. Values defined by an Env with a + duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -660,8 +1441,7 @@ pod: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults to 
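Review bot: Two typos land in the added lines of the `@@ -586,6 +1322,51 @@` hunk: "Specify whether the Secret or it's key must be defined" should use "its", and `prefix` reads "An optional identifer" where "identifier" is meant. If this file is generated, the fix belongs in whatever the descriptions are generated from, otherwise the same wording returns on the next regeneration. The `env_from` description also states two precedence rules back to back (the last source wins; an Env entry with a duplicate key wins) without one sentence giving the resulting overall order, which would help anyone populating variables from both a ConfigMap and a Secret.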
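Review bot: In the `@@ -660,8 +1441,7 @@` hunk, `port` changes from `type: complex` with `contains: {}` to `type: str` while its description still reads "Name or number of the port to access on the container." The description should say how a numeric port is represented under the new type, because a consumer that compares the returned value against an integer will otherwise get a mismatch with no error. The same type change repeats for the `port` fields under `http_get` and `tcp_socket` in the hunks that follow, so one wording fix at the source covers all of them.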
@@ -673,13 +1453,17 @@ pod: not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the pod + IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is terminated. @@ -739,8 +1523,7 @@ pod: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults to @@ -752,13 +1535,17 @@ pod: not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the pod + IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be restarted @@ -819,8 +1606,7 @@ pod: description: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults to HTTP. @@ -847,12 +1633,15 @@ pod: not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults to 
@@ -958,8 +1747,7 @@ pod: description: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults to HTTP. @@ -986,12 +1774,15 @@ pod: not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults to @@ -1006,7 +1797,7 @@ pod: description: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources required. @@ -1014,10 +1805,10 @@ pod: if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
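Review bot: The new `security_context` description in the `@@ -1014,10 +1805,10 @@` hunk ends with "More info:" and nothing after it, so the link it announces has been lost. Either restore the URL or keep the previous sentence, "Security options the pod should run with." In the same hunk `requests` goes from `contains: str, ResourceQuantity` to `contains: str, str`; since the type no longer tells the reader that the values are quantities, the description should say what form those strings take.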
@@ -1112,9 +1903,21 @@ pod: - "Optional: Path at which the file to which the container's termination\ \ message will be written is mounted into the container's filesystem.\ \ Message written is intended to be brief final status, such as an\ - \ assertion failure message. Defaults to /dev/termination-log. Cannot\ + \ assertion failure message. Will be truncated by the node if greater\ + \ than 4096 bytes. The total message length across all containers\ + \ will be limited to 12kb. Defaults to /dev/termination-log. Cannot\ \ be updated." type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. File will + use the contents of terminationMessagePath to populate the container + status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. The + log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. Cannot be updated. + type: str tty: description: - Whether this container should allocate a TTY for itself, also requires 
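Review bot: The size limits added in the `@@ -1112,9 +1903,21 @@` hunk mix units: "4096 bytes", "12kb" and "2048 bytes or 80 lines". Give the 12kb figure in bytes like the other two so the limits can be compared directly. `termination_message_policy` also names its two values, File and FallbackToLogsOnError, only in running prose; a leading "One of: File, FallbackToLogsOnError." would match how other enumerated fields in this file are written (for example 'One of: "Success" or "Failure".'). It is also worth one sentence pointing out that FallbackToLogsOnError places container log output in the container status message, so whatever the application logs on failure becomes readable through the pod's status.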
@@ -1152,9 +1955,27 @@ pod: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' or - 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have DNS options + set along with hostNetwork, you have to specify DNS policy explicitly + to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be injected + into the pod's hosts file if specified. This is only valid for non-hostNetwork + pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
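Review bot: In the `host_aliases` block added by the `@@ -1152,9 +1955,27 @@` hunk, `hostnames` is described as "Hostnames for the above IP address.", but `ip` is listed after it here, so "above" points at nothing. Reword it to name the field, e.g. "Hostnames for the address given in ip." The `dns_policy` text also quotes its values two ways within one description ('ClusterFirst' and then "ClusterFirst"); pick one style.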
@@ -1187,6 +2008,767 @@ pod: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init containers + are executed in order prior to containers being started. If any init container + fails, the pod is considered to have failed and is handled according to + its restartPolicy. The name for an init container or normal container + must be unique among all containers. Init containers may not have Lifecycle + actions, Readiness probes, or Liveness probes. The resourceRequirements + of an init container are taken into account during scheduling by finding + the highest request/limit for each resource type, and then using the max + of of that value or the sum of the normal containers. Limits are applied + to init containers in a similar fashion. Init containers cannot currently + be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is used if this\ + \ is not provided. Variable references $(VAR_NAME) are expanded using\ + \ the container's environment. If a variable cannot be resolved, the\ + \ reference in the input string will be unchanged. The $(VAR_NAME)\ + \ syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether the variable\ + \ exists or not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker image's\ + \ ENTRYPOINT is used if this is not provided. Variable references\ + \ $(VAR_NAME) are expanded using the container's environment. If a\ + \ variable cannot be resolved, the reference in the input string will\ + \ be unchanged. The $(VAR_NAME) syntax can be escaped with a double\ + \ $$, ie: $$(VAR_NAME). Escaped references will never be expanded,\ + \ regardless of whether the variable exists or not. Cannot be updated." 
+ type: list + contains: str + env: + description: + - List of environment variables to set in the container. Cannot be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using the previous + defined environment variables in the container and any service + environment variables. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot be used if + value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written in terms + of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API version. + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources limits + and requests (limits.cpu, limits.memory, requests.cpu and + requests.memory) are currently supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional for env + vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must be a valid + secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid + keys will be reported as an event when the container is starting. + When a key exists in multiple sources, the value associated with the + last source will take precedence. Values defined by an Env with a + duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. 
Defaults to + Always if :latest tag is specified, or IfNotPresent otherwise. Cannot + be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response to container + lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container is created. + If the handler fails, the container is terminated and restarted + according to its restart policy. Other management of the container + blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. Exec + specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the container, + the working directory for the command is root ('/') in + the container's filesystem. The command is simply exec'd, + it is not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows repeated + headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an + IANA_SVC_NAME. 
+ type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults to + HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP hooks + not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the pod + IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is terminated. + The container is terminated after the handler completes. The reason + for termination is passed to the handler. Regardless of the outcome + of the handler, the container is eventually terminated. Other + management of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. Exec + specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the container, + the working directory for the command is root ('/') in + the container's filesystem. The command is simply exec'd, + it is not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows repeated + headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults to + HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP hooks + not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the pod + IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be restarted + if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. Exec specifies + the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the container, + the working directory for the command is root ('/') in the + container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered failed + after having succeeded. Defaults to 3. Minimum value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows repeated + headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. Number + must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before liveness + probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to 10 seconds. + Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered successful + after having failed. Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP hooks + not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. Number + must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults to + 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container in + a pod must have a unique name (DNS_LABEL). Cannot be updated. 
+ type: str + ports: + description: + - List of ports to expose from the container. Exposing a port here gives + the system additional information about the network connections a + container uses, but is primarily informational. Not specifying a port + here DOES NOT prevent that port from being exposed. Any port which + is listening on the default "0.0.0.0" address inside a container will + be accessible from the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. This must be + a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, this must + be a valid port number, 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique within + the pod. Each named port in a pod must have a unique name. Name + for the port that can be referred to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container will be removed + from service endpoints if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. Exec specifies + the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the container, + the working directory for the command is root ('/') in the + container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need to explicitly + call out to that shell. 
Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered failed + after having succeeded. Defaults to 3. Minimum value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows repeated + headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. Number + must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before liveness + probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to 10 seconds. + Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered successful + after having failed. Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP hooks + not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. Number + must be in the range 1 to 65535. 
Name must be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults to + 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to an implementation-defined + value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. Defaults + to the default set of capabilities granted by the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged containers + are essentially equivalent to root on the host. Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. Default + is false. + type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root user. If true, + the Kubelet will validate the image at runtime to ensure that + it does not run as UID 0 (root) and fail to start the container + if it does. If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. Defaults + to user specified in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes + precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. If unspecified, + the container runtime will allocate a random SELinux context for + each container. May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the container. + type: str + role: + description: + - Role is a SELinux role label that applies to the container. + type: str + type: + description: + - Type is a SELinux type label that applies to the container. + type: str + user: + description: + - User is a SELinux user label that applies to the container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin in the container + runtime. If this is not set, reads from stdin in the container will + always result in EOF. Default is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel after + it has been opened by a single attach. When stdin is true the stdin + stream will remain open across multiple attach sessions. If stdinOnce + is set to true, stdin is opened on container start, is empty until + the first client attaches to stdin, and then remains open and accepts + data until the client disconnects, at which time stdin is closed and + remains closed until the container is restarted. If this flag is false, + a container processes that reads from stdin will never receive an + EOF. 
Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's termination\ + \ message will be written is mounted into the container's filesystem.\ + \ Message written is intended to be brief final status, such as an\ + \ assertion failure message. Will be truncated by the node if greater\ + \ than 4096 bytes. The total message length across all containers\ + \ will be limited to 12kb. Defaults to /dev/termination-log. Cannot\ + \ be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. File will + use the contents of terminationMessagePath to populate the container + status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. The + log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, also requires + 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. Cannot be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should be mounted. + Must not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's volume should + be mounted. Defaults to "" (volume's root). + type: str + working_dir: + description: + - Container's working directory. 
If not specified, the container runtime's + default will be used, which might be configured in the container image. + Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific node. If it @@ -1205,6 +2787,11 @@ pod: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. If not + specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common container 
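Review bot: In the large container-fields hunk that ends on this line, the `security_context` description stops at "More info:" with nothing after the colon, so the reference dangles; restore the link or drop the trailing phrase. In the same hunk, `readiness_probe.initial_delay_seconds` says "before liveness probes are initiated" and `readiness_probe.success_threshold` says "Must be 1 for liveness", which reads as text copied from `liveness_probe`; the readiness entries should describe readiness probes.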
@@ -1297,6 +2884,42 @@ pod: signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means match all + taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty means match + all taint keys. If the key is empty, operator must be Exists; this + combination means to match all values and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration (which + must be of effect NoExecute, otherwise this field is ignored) tolerates + the taint. By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If the operator + is Exists, the value should be empty, otherwise just a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging to the pod. 
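Review bot: The `key` and `operator` descriptions in `tolerations` do not line up for the empty-key case: `operator` "Defaults to Equal", while `key` says that with an empty key the "operator must be Exists". State that an empty key needs `Exists` set explicitly, and, since that combination "means to match all values and all keys", say plainly that such a toleration matches every taint.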
@@ -1355,6 +2978,13 @@ pod: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage account + Dedicated: single blob disk per storage account Managed: azure + managed data disk (only in managed availability set). defaults + to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will force the ReadOnly @@ -1461,8 +3091,9 @@ pod: is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present - in the ConfigMap, the volume setup will error. Paths must be relative - and may not contain the '..' path or start with '..'. + in the ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the '..' + path or start with '..'. type: list contains: key: @@ -1487,6 +3118,10 @@ pod: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that should populate @@ -1552,8 +3187,7 @@ pod: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
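Review bot: The `kind` description added in the `@@ -1355,6 +2978,13` hunk misspells "multiple" as "mulitple" and runs its three expected values (Shared, Dedicated, Managed) together in one unpunctuated sentence, then gives the default as lowercase "shared". List the three values as separate items and spell the default the same way as the value it names.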
@@ -1569,6 +3203,15 @@ pod: is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. The maximum + usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all + containers in a pod. The default is nil which means that the limit + is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached to a kubelet's @@ -1737,6 +3380,14 @@ pod: host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. Tip: Ensure @@ -1757,11 +3408,27 @@ pod: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or ip_addr:port + if the port is other than default (typically TCP ports 860 and + 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port 
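Review bot: The iSCSI `secret_ref` added in the `@@ -1757,11 +3408,27` hunk is documented only as "CHAP secret for iSCSI target and initiator authentication" and is never tied to the `chap_auth_discovery` and `chap_auth_session` flags added in the hunk before it. Say which flag makes the secret necessary and what the secret is expected to hold, and rewrite the two flag descriptions ("whether support iSCSI ... CHAP authentication") as complete sentences.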
@@ -1821,6 +3488,198 @@ pod: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted on + kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be a filesystem + type supported by the host operating system. Ex. "ext4", "xfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and downward API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must be a value + between 0 and 0777. Directories within the path are not affected + by this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result can be + other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data field + of the referenced ConfigMap will be projected into the + volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on this file, must be + a value between 0 and 0777. If not specified, the + volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + type: int + path: + description: + - The relative path of the file to map the key to. May + not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only annotations, + labels, name and namespace are supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API + version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must be + a value between 0 and 0777. If not specified, the + volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + type: int + path: + description: + - "Required: Path is the relative path name of the file\ + \ to be created. Must not be absolute or contain the\ + \ '..' path. Must be utf-8 encoded. 
The first item\ + \ of the relative path must not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data field + of the referenced Secret will be projected into the volume + as a file whose name is the key and content is the value. + If specified, the listed keys will be projected into the + specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must be + a value between 0 and 0777. If not specified, the + volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + type: int + path: + description: + - The relative path of the file to map the key to. May + not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must be defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares a pod's 
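Review bot: `default_mode` and every `mode` under `projected` are `type: int` but described as "a value between 0 and 0777", which mixes octal notation with an integer field; the API carries these values as JSON numbers, which have no octal form, so the description should give the decimal range (0 to 511) or state that the notation is octal. This matters most for the `secret` source, where a misread mode changes who can read the projected files. Separately, `config_map.optional` says "it's keys" while `secret.optional` in the same hunk says "its key"; use "its keys" in both.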
@@ -1901,6 +3760,67 @@ pod: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage (defaults + to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation + will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, default + false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick or + thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain (defaults + to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system that + is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
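Review bot: In the `scale_io` block, `ssl_enabled` is documented as "default false" while `secret_ref` holds the "ScaleIO user and other sensitive information" used against the same `gateway`, and nothing in the text connects the two. The `ssl_enabled` description should say that gateway communication is not protected by SSL unless the flag is set, and `secret_ref` should be marked as required given that "If this is not provided, Login operation will fail".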
@@ -1921,8 +3841,9 @@ pod: is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present - in the Secret, the volume setup will error. Paths must be relative - and may not contain the '..' path or start with '..'. + in the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the '..' + path or start with '..'. type: list contains: key: 
@@ -1943,10 +3864,56 @@ pod: an absolute path. May not contain the path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted on Kubernetes + nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the StorageOS + API credentials. If not specified, default values will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS volume. + Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within StorageOS. + If no namespace is specified then the Pod's namespace will be + used. This allows the Kubernetes name scoping to be mirrored within + StorageOS for tighter integration. Set VolumeName to any name + to override the default behaviour. Set to "default" if you are + not using namespaces within StorageOS. Namespaces that do not + pre-exist within StorageOS will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and mounted on 
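Review bot: `storageos.secret_ref` says "If not specified, default values will be attempted" without saying what those defaults are or where they come from; for a field that selects API credentials, the description should name the fallback or point to where it is defined. In the same hunk, the new `optional` entry reads "the Secret or it's keys"; that should be "its keys".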
@@ -1959,6 +3926,15 @@ pod: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated with + the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk 
@@ -2166,6 +4142,168 @@ pod: - IP address of the host to which the pod is assigned. Empty if not yet scheduled. type: str + init_container_statuses: + description: + - The list has one entry per init container in the manifest. The most recent + successful init container will have ready = true, the most recently started + container will have startTime set. + type: list + contains: + container_id: + description: + - Container's ID in the format 'docker://'. + type: str + image: + description: + - The image the container is running. + type: str + image_id: + description: + - ImageID of the container's image. + type: str + last_state: + description: + - Details about the container's last termination condition. + type: complex + contains: + running: + description: + - Details about a running container + type: complex + contains: + started_at: + description: + - Time at which the container was last (re-)started + type: complex + contains: {} + terminated: + description: + - Details about a terminated container + type: complex + contains: + container_id: + description: + - Container's ID in the format 'docker://' + type: str + exit_code: + description: + - Exit status from the last termination of the container + type: int + finished_at: + description: + - Time at which the container last terminated + type: complex + contains: {} + message: + description: + - Message regarding the last termination of the container + type: str + reason: + description: + - (brief) reason from the last termination of the container + type: str + signal: + description: + - Signal from the last termination of the container + type: int + started_at: + description: + - Time at which previous execution of the container started + type: complex + contains: {} + waiting: + description: + - Details about a waiting container + type: complex + contains: + message: + description: + - Message regarding why the container is not yet running. 
+ type: str + reason: + description: + - (brief) reason the container is not yet running. + type: str + name: + description: + - This must be a DNS_LABEL. Each container in a pod must have a unique + name. Cannot be updated. + type: str + ready: + description: + - Specifies whether the container has passed its readiness probe. + type: bool + restart_count: + description: + - The number of times the container has been restarted, currently based + on the number of dead containers that have not yet been removed. Note + that this is calculated from dead containers. But those containers + are subject to garbage collection. This value will get capped at 5 + by GC. + type: int + state: + description: + - Details about the container's current condition. + type: complex + contains: + running: + description: + - Details about a running container + type: complex + contains: + started_at: + description: + - Time at which the container was last (re-)started + type: complex + contains: {} + terminated: + description: + - Details about a terminated container + type: complex + contains: + container_id: + description: + - Container's ID in the format 'docker://' + type: str + exit_code: + description: + - Exit status from the last termination of the container + type: int + finished_at: + description: + - Time at which the container last terminated + type: complex + contains: {} + message: + description: + - Message regarding the last termination of the container + type: str + reason: + description: + - (brief) reason from the last termination of the container + type: str + signal: + description: + - Signal from the last termination of the container + type: int + started_at: + description: + - Time at which previous execution of the container started + type: complex + contains: {} + waiting: + description: + - Details about a waiting container + type: complex + contains: + message: + description: + - Message regarding why the container is not yet running. 
+ type: str + reason: + description: + - (brief) reason the container is not yet running. + type: str message: description: - A human readable message indicating details about why the pod is in this @@ -2180,6 +4318,11 @@ pod: - IP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated. type: str + qos_class: + description: + - The Quality of Service (QOS) classification assigned to the pod based + on resource requirements See PodQOSClass type for available QOS classes + type: str reason: description: - A brief CamelCase message indicating details about why the pod is in this diff --git a/library/k8s_v1_pod_list.py b/library/k8s_v1_pod_list.py index e3f9877d..28cabb69 100644 --- a/library/k8s_v1_pod_list.py +++ b/library/k8s_v1_pod_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
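Review bot: in the k8s_v1_pod_list.py options hunk (@@ -46,10 +46,6 @@), the `namespace` option is removed and nothing in the visible option docs replaces it, so there is no longer a documented way to scope a pod list to one namespace. If the module now always lists across namespaces, say so in the module description and note that the connecting account then needs list permission on pods cluster-wide. If namespace scoping still works, keep the option and add the `type: str` line that the removed entry was missing.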
@@ -210,6 +206,153 @@ pod_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ pod_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
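Review bot: in the `initializers` description added under the pod_list metadata (@@ -210,6 +206,153 @@), the text says an uninitialized object is "hidden (in list/watch and get calls) from clients that haven't explicitly asked to observe uninitialized objects", but nothing in the visible hunks says whether this module asks for them. Anyone who treats the returned list as an inventory of pods needs to know whether pods with pending initializers are missing from it. Add a sentence to the return documentation stating which behaviour the module has.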
@@ -296,6 +447,477 @@ pod_list: to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may + choose a node that violates one or more of the expressions. + The node that is most preferred is the one with the greatest + sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating through the + elements of this field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. The + requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator is + In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the + values array must be empty. If the operator is + Gt or Lt, the values array must have a single + element, which will be interpreted as an integer. 
+ This array is replaced during a strategic merge + patch. + type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field are not + met at scheduling time, the pod will not be scheduled onto + the node. If the affinity requirements specified by this field + cease to be met at some point during pod execution (e.g. due + to an update), the system may or may not try to eventually + evict the pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms are + ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. The + requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator is + In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the + values array must be empty. If the operator is + Gt or Lt, the values array must have a single + element, which will be interpreted as an integer. + This array is replaced during a strategic merge + patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate this pod + in the same node, zone, etc. as some other pod(s)). 
+ type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may + choose a node that violates one or more of the expressions. + The node that is most preferred is the one with the greatest + sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating through the + elements of this field and adding "weight" to the sum if the + node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the corresponding + weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. + If the affinity requirements specified by this field are not + met at scheduling time, the pod will not be scheduled onto + the node. If the affinity requirements specified by this field + cease to be met at some point during pod execution (e.g. due + to a pod label update), the system will try to eventually + evict the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are not + met at scheduling time, the pod will not be scheduled onto + the node. If the affinity requirements specified by this field + cease to be met at some point during pod execution (e.g. due + to a pod label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to a + set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the + values array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to + an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with key + topologyKey matches that of any node on which any of the + selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted as + "all topologies" ("all topologies" here means all the + topologyKeys indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but + it may choose a node that violates one or more of the expressions. + The node that is most preferred is the one with the greatest + sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through the + elements of this field and adding "weight" to the sum if the + node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the corresponding + weight. 
+ type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. 
For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. + If the anti-affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system will try to eventually + evict the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to a + set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the + values array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to + an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with key + topologyKey matches that of any node on which any of the + selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted as + "all topologies" ("all topologies" here means all the + topologyKeys indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account token + should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot currently @@ -365,11 +987,16 @@ pod_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be + defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, - spec.serviceAccountName, status.podIP.' + spec.serviceAccountName, status.hostIP, status.podIP.' type: complex contains: api_version: @@ -397,8 +1024,7 @@ pod_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
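Review bot: in the affinity hunk (@@ -296,6 +447,477 @@), the descriptions of `required_during_scheduling_ignored_during_execution` under both `pod_affinity` and `pod_anti_affinity` carry Go source comments into user-facing docs: "NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented.", then the `RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm` declaration with its json tag, then a near-duplicate paragraph that differs only in "will try" versus "may or may not try" to evict. A reader cannot tell which eviction behaviour applies to the field being documented. Drop the commented-out declaration and its paragraph so that only the text for the implemented field remains. The same hunk has "Valid operators ard In" in the four label-selector `operator` descriptions and "DoesNotExist. Gt, and Lt." in the two node-selector ones.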
@@ -417,6 +1043,51 @@ pod_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid + keys will be reported as an event when the container is starting. + When a key exists in multiple sources, the value associated with + the last source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -492,8 +1163,7 @@ pod_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
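Review bot: in the `env_from` hunk (@@ -417,6 +1043,51 @@), two descriptions have spelling errors that will show up in the rendered module docs: "Specify whether the Secret or it's key must be defined" should read "its key", and the `prefix` description has "identifer" for "identifier". The `config_map_key_ref` `optional` description added in @@ -365,11 +987,16 @@ has the same "it's". If this text is generated, fix it at the source so it does not come back on the next regeneration.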
@@ -505,13 +1175,17 @@ pod_list: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is terminated. @@ -573,8 +1247,7 @@ pod_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -586,13 +1259,17 @@ pod_list: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be restarted @@ -655,8 +1332,7 @@ pod_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults to @@ -684,13 +1360,17 @@ pod_list: not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the pod + IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults 
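Review bot: the `port` field in the `tcp_socket` block of this hunk (and in the other probe and lifecycle-hook hunks on these lines) changes from `type: complex` with `contains: {}` to `type: str`, while the description still reads "Number or name of the port to access on the container". State in the description how a numeric port is returned, as a string or as an integer despite the documented type, because a playbook that compares the value with an integer will otherwise behave differently from what the docs suggest.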
@@ -800,8 +1480,7 @@ pod_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults to @@ -829,13 +1508,17 @@ pod_list: not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the pod + IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -850,7 +1533,7 @@ pod_list: description: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -858,10 +1541,10 @@ pod_list: to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
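Review bot: in the last hunk here (@@ -858,10 +1541,10 @@), the `security_context` description becomes "Security options the pod should run with. More info:" and stops at the colon, with no link or reference after it. Either restore the target of "More info:" or drop the trailing phrase; as it stands the docs point the reader nowhere for the field that holds `capabilities` and the other container security settings.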
@@ -958,9 +1641,21 @@ pod_list: - "Optional: Path at which the file to which the container's termination\ \ message will be written is mounted into the container's filesystem.\ \ Message written is intended to be brief final status, such as\ - \ an assertion failure message. Defaults to /dev/termination-log.\ + \ an assertion failure message. Will be truncated by the node\ + \ if greater than 4096 bytes. The total message length across\ + \ all containers will be limited to 12kb. Defaults to /dev/termination-log.\ \ Cannot be updated." type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. File + will use the contents of terminationMessagePath to populate the + container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: str tty: description: - Whether this container should allocate a TTY for itself, also 
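Review bot: the new `termination_message_policy` text says `FallbackToLogsOnError` "will use the last chunk of container log output" to populate the container status message, which means whatever the application logged last before failing becomes readable by anyone who can read pod status; the description should say so, since logs and status are often governed by different permissions. Separately, the limits in this hunk mix units: "4096 bytes" per container, "12kb" in total, and "2048 bytes or 80 lines" for the log fallback. Write the total in bytes too so the three can be compared.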
@@ -999,9 +1694,27 @@ pod_list: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have DNS + options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be injected + into the pod's hosts file if specified. This is only valid for non-hostNetwork + pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
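Review bot: in `host_aliases`, the `hostnames` description reads "Hostnames for the above IP address", but in this schema `ip` is listed after `hostnames`, so "above" refers to nothing; reword it to name the `ip` field. The `dns_policy` text in the same hunk also quotes its values inconsistently, with 'ClusterFirst' in single quotes and then "ClusterFirst" in double quotes one sentence later.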
@@ -1034,6 +1747,788 @@ pod_list: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init containers + are executed in order prior to containers being started. If any init + container fails, the pod is considered to have failed and is handled + according to its restartPolicy. The name for an init container or + normal container must be unique among all containers. Init containers + may not have Lifecycle actions, Readiness probes, or Liveness probes. + The resourceRequirements of an init container are taken into account + during scheduling by finding the highest request/limit for each resource + type, and then using the max of of that value or the sum of the normal + containers. Limits are applied to init containers in a similar fashion. + Init containers cannot currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is used if\ + \ this is not provided. Variable references $(VAR_NAME) are expanded\ + \ using the container's environment. If a variable cannot be resolved,\ + \ the reference in the input string will be unchanged. The $(VAR_NAME)\ + \ syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether the\ + \ variable exists or not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker image's\ + \ ENTRYPOINT is used if this is not provided. Variable references\ + \ $(VAR_NAME) are expanded using the container's environment.\ + \ If a variable cannot be resolved, the reference in the input\ + \ string will be unchanged. The $(VAR_NAME) syntax can be escaped\ + \ with a double $$, ie: $$(VAR_NAME). Escaped references will\ + \ never be expanded, regardless of whether the variable exists\ + \ or not. Cannot be updated." 
+ type: list + contains: str + env: + description: + - List of environment variables to set in the container. Cannot + be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using the previous + defined environment variables in the container and any service + environment variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot be used + if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be + defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written in + terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API version. + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources limits + and requests (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional for + env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must be a valid + secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid + keys will be reported as an event when the container is starting. + When a key exists in multiple sources, the value associated with + the last source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. 
Defaults + to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response to + container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container is created. + If the handler fails, the container is terminated and restarted + according to its restart policy. Other management of the container + blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is terminated. + The container is terminated after the handler completes. The + reason for termination is passed to the handler. Regardless + of the outcome of the handler, the container is eventually + terminated. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be restarted + if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. Exec + specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the container, + the working directory for the command is root ('/') in + the container's filesystem. The command is simply exec'd, + it is not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum value + is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows repeated + headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults to + HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before liveness + probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to 10 + seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be 1 for + liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP hooks + not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the pod + IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be updated. 
+ type: str + ports: + description: + - List of ports to expose from the container. Exposing a port here + gives the system additional information about the network connections + a container uses, but is primarily informational. Not specifying + a port here DOES NOT prevent that port from being exposed. Any + port which is listening on the default "0.0.0.0" address inside + a container will be accessible from the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. This must + be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, this must + be a valid port number, 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers do not need + this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique within + the pod. Each named port in a pod must have a unique name. + Name for the port that can be referred to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container will + be removed from service endpoints if the probe fails. Cannot be + updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. Exec + specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the container, + the working directory for the command is root ('/') in + the container's filesystem. The command is simply exec'd, + it is not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need to explicitly + call out to that shell. 
Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum value + is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows repeated + headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults to + HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before liveness + probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to 10 + seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be 1 for + liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP hooks + not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the pod + IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. 
Name must be an + IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an + implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. Defaults + to the default set of capabilities granted by the container + runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. + Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. Default + is false. + type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to + ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. 
+ type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. Defaults + to user specified in image metadata if unspecified. May also + be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. If unspecified, + the container runtime will allocate a random SELinux context + for each container. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the container. + type: str + role: + description: + - Role is a SELinux role label that applies to the container. + type: str + type: + description: + - Type is a SELinux type label that applies to the container. + type: str + user: + description: + - User is a SELinux user label that applies to the container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin in the + container runtime. If this is not set, reads from stdin in the + container will always result in EOF. Default is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel after + it has been opened by a single attach. When stdin is true the + stdin stream will remain open across multiple attach sessions. + If stdinOnce is set to true, stdin is opened on container start, + is empty until the first client attaches to stdin, and then remains + open and accepts data until the client disconnects, at which time + stdin is closed and remains closed until the container is restarted. + If this flag is false, a container processes that reads from stdin + will never receive an EOF. 
Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's termination\ + \ message will be written is mounted into the container's filesystem.\ + \ Message written is intended to be brief final status, such as\ + \ an assertion failure message. Will be truncated by the node\ + \ if greater than 4096 bytes. The total message length across\ + \ all containers will be limited to 12kb. Defaults to /dev/termination-log.\ + \ Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. File + will use the contents of terminationMessagePath to populate the + container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, also + requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. Cannot be + updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should be mounted. + Must not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false or + unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's volume should + be mounted. Defaults to "" (volume's root). + type: str + working_dir: + description: + - Container's working directory. 
If not specified, the container + runtime's default will be used, which might be configured in the + container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific node. If @@ -1052,6 +2547,11 @@ pod_list: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. If + not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common container 
@@ -1146,6 +2646,44 @@ pod_list: halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means match + all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty means + match all taint keys. If the key is empty, operator must be Exists; + this combination means to match all values and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate all taints of + a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is ignored) + tolerates the taint. By default, it is not set, which means tolerate + the taint forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If the operator + is Exists, the value should be empty, otherwise just a regular + string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging to the 
@@ -1207,6 +2745,13 @@ pod_list: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage account + Dedicated: single blob disk per storage account Managed: azure + managed data disk (only in managed availability set). defaults + to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will force the @@ -1314,8 +2859,9 @@ pod_list: specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume - setup will error. Paths must be relative and may not contain - the '..' path or start with '..'. + setup will error unless it is marked optional. Paths must + be relative and may not contain the '..' path or start with + '..'. type: list contains: key: @@ -1340,6 +2886,10 @@ pod_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that should @@ -1405,8 +2955,7 @@ pod_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -1423,6 +2972,15 @@ pod_list: default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. The maximum + usage on memory medium EmptyDir would be the minimum value + between the SizeLimit specified here and the sum of memory + limits of all containers in a pod. The default is nil which + means that the limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached to a kubelet's @@ -1594,6 +3152,14 @@ pod_list: kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. Tip: @@ -1614,11 +3180,27 @@ pod_list: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or ip_addr:port + if the port is other than default (typically TCP ports 860 + and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port 
@@ -1678,6 +3260,205 @@ pod_list: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted + on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be a filesystem + type supported by the host operating system. Ex. "ext4", "xfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and downward + API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must be a value + between 0 and 0777. Directories within the path are not affected + by this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result can + be other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data field + of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys + will not be present. If a key is specified which is + not present in the ConfigMap, the volume setup will + error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start + with '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key to. + May not be an absolute path. May not contain the + path element '..'. May not start with the string + '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be + defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only annotations, + labels, name and namespace are supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name of the\ + \ file to be created. Must not be absolute or\ + \ contain the '..' path. 
Must be utf-8 encoded.\ + \ The first item of the relative path must not\ + \ start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently + supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data field + of the referenced Secret will be projected into the + volume as a file whose name is the key and content + is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys + will not be present. If a key is specified which is + not present in the Secret, the volume setup will error + unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key to. + May not be an absolute path. May not contain the + path element '..'. May not start with the string + '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must be defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares a pod's 
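Review bot: The `mode` descriptions in this hunk (under the config_map, downward_api and secret items) give the range as "between 0 and 0777" with `type: int`, but never say that the value only means what the author expects when it is written in octal. An integer written as 400 is decimal 400, which is 0620 (owner read/write plus group write), not 0400. Suggest adding a sentence, or an EXAMPLES entry, that shows the leading zero. Separately, the two `optional` descriptions disagree: "the ConfigMap or it's keys" versus "the Secret or its key"; use "its keys" in both.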
@@ -1758,6 +3539,67 @@ pod_list: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage + (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation + will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, default + false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick + or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain (defaults + to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
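Review bot: In the new scale_io block, ssl_enabled is documented as "default false" right next to secret_ref, which holds "the secret for ScaleIO user and other sensitive information", so a volume defined without ssl_enabled communicates with the gateway without SSL. Suggest the description say so plainly, or that an example set ssl_enabled to true, so the insecure default is a visible choice rather than an omission. The secret_ref description also says the login operation "will fail" when the field is missing; if that makes it required in practice, mark it "Required" the way other fields in this file do.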
@@ -1779,8 +3621,8 @@ pod_list: the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will - error. Paths must be relative and may not contain the '..' - path or start with '..'. + error unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. type: list contains: key: 
@@ -1801,10 +3643,57 @@ pod_list: be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted on + Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the StorageOS + API credentials. If not specified, default values will be + attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS volume. + Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within StorageOS. + If no namespace is specified then the Pod's namespace will + be used. This allows the Kubernetes name scoping to be mirrored + within StorageOS for tighter integration. Set VolumeName to + any name to override the default behaviour. Set to "default" + if you are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and mounted 
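Review bot: storageos.secret_ref says "If not specified, default values will be attempted" without naming those defaults, so a reader cannot tell when a volume is authenticating to the StorageOS API with default credentials. Suggest stating what is attempted, or recommending that secret_ref always be set. In the same hunk, volume_namespace contains "Set VolumeName to any name to override the default behaviour", which reads as if it should refer to VolumeNamespace, and it notes that namespaces "that do not pre-exist within StorageOS will be created", a side effect worth calling out more prominently. The new secret `optional` description also has "it's keys" for "its keys".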
@@ -1817,6 +3706,15 @@ pod_list: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk 
@@ -2024,6 +3922,168 @@ pod_list: - IP address of the host to which the pod is assigned. Empty if not yet scheduled. type: str + init_container_statuses: + description: + - The list has one entry per init container in the manifest. The most + recent successful init container will have ready = true, the most + recently started container will have startTime set. + type: list + contains: + container_id: + description: + - Container's ID in the format 'docker://'. + type: str + image: + description: + - The image the container is running. + type: str + image_id: + description: + - ImageID of the container's image. + type: str + last_state: + description: + - Details about the container's last termination condition. + type: complex + contains: + running: + description: + - Details about a running container + type: complex + contains: + started_at: + description: + - Time at which the container was last (re-)started + type: complex + contains: {} + terminated: + description: + - Details about a terminated container + type: complex + contains: + container_id: + description: + - Container's ID in the format 'docker://' + type: str + exit_code: + description: + - Exit status from the last termination of the container + type: int + finished_at: + description: + - Time at which the container last terminated + type: complex + contains: {} + message: + description: + - Message regarding the last termination of the container + type: str + reason: + description: + - (brief) reason from the last termination of the container + type: str + signal: + description: + - Signal from the last termination of the container + type: int + started_at: + description: + - Time at which previous execution of the container started + type: complex + contains: {} + waiting: + description: + - Details about a waiting container + type: complex + contains: + message: + description: + - Message regarding why the container is not yet running. 
+ type: str + reason: + description: + - (brief) reason the container is not yet running. + type: str + name: + description: + - This must be a DNS_LABEL. Each container in a pod must have a + unique name. Cannot be updated. + type: str + ready: + description: + - Specifies whether the container has passed its readiness probe. + type: bool + restart_count: + description: + - The number of times the container has been restarted, currently + based on the number of dead containers that have not yet been + removed. Note that this is calculated from dead containers. But + those containers are subject to garbage collection. This value + will get capped at 5 by GC. + type: int + state: + description: + - Details about the container's current condition. + type: complex + contains: + running: + description: + - Details about a running container + type: complex + contains: + started_at: + description: + - Time at which the container was last (re-)started + type: complex + contains: {} + terminated: + description: + - Details about a terminated container + type: complex + contains: + container_id: + description: + - Container's ID in the format 'docker://' + type: str + exit_code: + description: + - Exit status from the last termination of the container + type: int + finished_at: + description: + - Time at which the container last terminated + type: complex + contains: {} + message: + description: + - Message regarding the last termination of the container + type: str + reason: + description: + - (brief) reason from the last termination of the container + type: str + signal: + description: + - Signal from the last termination of the container + type: int + started_at: + description: + - Time at which previous execution of the container started + type: complex + contains: {} + waiting: + description: + - Details about a waiting container + type: complex + contains: + message: + description: + - Message regarding why the container is not yet running. 
+ type: str + reason: + description: + - (brief) reason the container is not yet running. + type: str message: description: - A human readable message indicating details about why the pod is in @@ -2038,6 +4098,11 @@ pod_list: - IP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated. type: str + qos_class: + description: + - The Quality of Service (QOS) classification assigned to the pod based + on resource requirements See PodQOSClass type for available QOS classes + type: str reason: description: - A brief CamelCase message indicating details about why the pod is diff --git a/library/k8s_v1_pod_template.py b/library/k8s_v1_pod_template.py index 823de208..1da66aaa 100644 --- a/library/k8s_v1_pod_template.py +++ b/library/k8s_v1_pod_template.py 
@@ -130,6 +130,98 @@ options: aliases: - active_deadline_seconds type: int + template_spec_affinity_node_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_node_affinity_preferred_during_scheduling_ignored_during_execution + type: list + template_spec_affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms: + description: + - Required. A list of node selector terms. The terms are ORed. + aliases: + - affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms + type: list + template_spec_affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. 
+ aliases: + - affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution + type: list + template_spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' + aliases: + - affinity_pod_affinity_required_during_scheduling_ignored_during_execution + type: list + template_spec_affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution + type: list + template_spec_affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the anti-affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' 
+ aliases: + - affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution + type: list + template_spec_automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account token should + be automatically mounted. + aliases: + - automount_service_account_token + type: bool template_spec_containers: description: - List of containers belonging to the pod. Containers cannot currently be added @@ -139,10 +231,18 @@ options: type: list template_spec_dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' or 'Default'. - Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have DNS options + set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. aliases: - dns_policy + template_spec_host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be injected into + the pod's hosts file if specified. This is only valid for non-hostNetwork pods. + aliases: + - host_aliases + type: list template_spec_host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
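Review bot: In the options hunk at @@ -130,6 +130,98 @@, the descriptions of the pod_affinity and pod_anti_affinity required_during_scheduling_ignored_during_execution options open with "NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented." and embed a Go field declaration for RequiredDuringSchedulingRequiredDuringExecution, json tag included. That text describes a different field, yet it is attached to options this module exposes, so a user cannot tell whether the option works or whether eviction "will" or "may or may not" be attempted. Suggest trimming both descriptions to the closing sentences that match the IgnoredDuringExecution semantics. In the same hunk, template_spec_automount_service_account_token documents no default; state what happens to the token mount when the option is left unset.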
@@ -178,6 +278,21 @@ options: aliases: - image_pull_secrets type: list + template_spec_init_containers: + description: + - List of initialization containers belonging to the pod. Init containers are + executed in order prior to containers being started. If any init container fails, + the pod is considered to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be unique among all + containers. Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container are taken + into account during scheduling by finding the highest request/limit for each + resource type, and then using the max of of that value or the sum of the normal + containers. Limits are applied to init containers in a similar fashion. Init + containers cannot currently be added or removed. Cannot be updated. + aliases: + - init_containers + type: list template_spec_node_name: description: - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, @@ -199,6 +314,12 @@ options: Never. Default to Always. aliases: - restart_policy + template_spec_scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. If not specified, + the pod will be dispatched by default scheduler. + aliases: + - scheduler_name template_spec_security_context_fs_group: description: - "A special supplemental group that applies to all containers in a pod. Some\ @@ -287,6 +408,12 @@ options: aliases: - termination_grace_period_seconds type: int + template_spec_tolerations: + description: + - If specified, the pod's tolerations. + aliases: + - tolerations + type: list template_spec_volumes: description: - List of volumes that can be mounted by containers belonging to the pod. 
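Review bot: template_spec_tolerations at @@ -287,6 +408,12 @@ is documented only as "If specified, the pod's tolerations." with `type: list`, which gives no hint of the keys each list element takes; tolerations decide whether a pod may land on tainted nodes, so the expected element structure should be described or shown in EXAMPLES. The same applies to template_spec_init_containers at @@ -178,6 +278,21 @@, whose description also has a doubled word in "the max of of that value".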
@@ -301,7 +428,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
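Review bot: The requirement changes from "kubernetes == 1.0.0" to "kubernetes == 3.0.0", an exact pin that moves across two major versions of the client in one step. Confirm that the module fails with a clear message when a different client version is installed, and that whatever install metadata the project ships carries the same pin, so this documented requirement and the real dependency cannot drift apart.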
@@ -408,6 +535,150 @@ pod_template: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -443,6 +714,14 @@ pod_template: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -481,7 +760,7 @@ pod_template: type: str template: description: - - Template defines the pods that will be created from this pod template. http://releases.k8s.io/HEAD/docs/devel/api-conventions.md + - Template defines the pods that will be created from this pod template. type: complex contains: metadata: 
@@ -568,6 +847,153 @@ pod_template: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -604,6 +1030,14 @@ pod_template: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -654,6 +1088,477 @@ pod_template: to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may + choose a node that violates one or more of the expressions. + The node that is most preferred is the one with the greatest + sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating through the + elements of this field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. The + requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator is + In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the + values array must be empty. If the operator is + Gt or Lt, the values array must have a single + element, which will be interpreted as an integer. 
+ This array is replaced during a strategic merge + patch. + type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field are not + met at scheduling time, the pod will not be scheduled onto + the node. If the affinity requirements specified by this field + cease to be met at some point during pod execution (e.g. due + to an update), the system may or may not try to eventually + evict the pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms are + ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. The + requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator is + In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the + values array must be empty. If the operator is + Gt or Lt, the values array must have a single + element, which will be interpreted as an integer. + This array is replaced during a strategic merge + patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate this pod + in the same node, zone, etc. as some other pod(s)). 
+ type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may + choose a node that violates one or more of the expressions. + The node that is most preferred is the one with the greatest + sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating through the + elements of this field and adding "weight" to the sum if the + node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the corresponding + weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. + If the affinity requirements specified by this field are not + met at scheduling time, the pod will not be scheduled onto + the node. If the affinity requirements specified by this field + cease to be met at some point during pod execution (e.g. due + to a pod label update), the system will try to eventually + evict the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are not + met at scheduling time, the pod will not be scheduled onto + the node. If the affinity requirements specified by this field + cease to be met at some point during pod execution (e.g. due + to a pod label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to a + set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the + values array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to + an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with key + topologyKey matches that of any node on which any of the + selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted as + "all topologies" ("all topologies" here means all the + topologyKeys indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but + it may choose a node that violates one or more of the expressions. + The node that is most preferred is the one with the greatest + sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through the + elements of this field and adding "weight" to the sum if the + node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the corresponding + weight. 
+ type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. 
For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. + If the anti-affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system will try to eventually + evict the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to a + set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the + values array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to + an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with key + topologyKey matches that of any node on which any of the + selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted as + "all topologies" ("all topologies" here means all the + topologyKeys indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account token + should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot currently @@ -723,11 +1628,16 @@ pod_template: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be + defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, - spec.serviceAccountName, status.podIP.' + spec.serviceAccountName, status.hostIP, status.podIP.' type: complex contains: api_version: @@ -755,8 +1665,7 @@ pod_template: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
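Review bot: in the @@ -654,6 +1088,477 @@ hunk, the description of required_during_scheduling_ignored_during_execution under both pod_affinity and pod_anti_affinity carries upstream source residue. It opens with "NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented.", embeds the Go declaration RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm with its json tag, and then states the eviction behaviour twice with conflicting wording ("will try to eventually evict" and "may or may not try to eventually evict"). A reader cannot tell which guarantee applies to the field being documented; keep only the second paragraph, which matches the IgnoredDuringExecution name. The same hunk has "Valid operators ard In" in four label-selector operator descriptions and "DoesNotExist. Gt, and Lt." in the node-selector ones. If this file is generated, the fix belongs in the generator input rather than in this file.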
@@ -775,6 +1684,51 @@ pod_template: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid + keys will be reported as an event when the container is starting. + When a key exists in multiple sources, the value associated with + the last source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -850,8 +1804,7 @@ pod_template: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
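Review bot: the http_get port field changes here from "type: complex" with "contains: {}" to "type: str", while its description still reads "Name or number of the port to access on the container". The doc no longer tells a consumer whether a numeric port comes back as an integer or as a string, which matters for anyone comparing the value against a policy or an allow-list of ports. Please state the representation in the description or confirm the value is always stringified. The same change recurs in the other http_get and tcp_socket port fields of this patch, so the answer should be applied to all of them.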
@@ -863,13 +1816,17 @@ pod_template: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is terminated. @@ -931,8 +1888,7 @@ pod_template: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -944,13 +1900,17 @@ pod_template: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be restarted @@ -1013,8 +1973,7 @@ pod_template: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults to @@ -1042,13 +2001,17 @@ pod_template: not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the pod + IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults 
@@ -1158,8 +2121,7 @@ pod_template: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults to @@ -1187,13 +2149,17 @@ pod_template: not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the pod + IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -1208,7 +2174,7 @@ pod_template: description: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -1216,10 +2182,10 @@ pod_template: to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
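Review bot: the new security_context description in the @@ -1216,10 +2182,10 @@ hunk ends in a dangling "More info:" with nothing after it. The previous text, "Security options the pod should run with.", was complete; either restore it or put the reference the sentence promises after the colon. Since this field is where readers look for the container's privilege settings, a broken pointer here is worth fixing before merge.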
@@ -1316,9 +2282,21 @@ pod_template: - "Optional: Path at which the file to which the container's termination\ \ message will be written is mounted into the container's filesystem.\ \ Message written is intended to be brief final status, such as\ - \ an assertion failure message. Defaults to /dev/termination-log.\ + \ an assertion failure message. Will be truncated by the node\ + \ if greater than 4096 bytes. The total message length across\ + \ all containers will be limited to 12kb. Defaults to /dev/termination-log.\ \ Cannot be updated." type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. File + will use the contents of terminationMessagePath to populate the + container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: str tty: description: - Whether this container should allocate a TTY for itself, also 
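Review bot: the new termination_message_policy description says FallbackToLogsOnError "will use the last chunk of container log output" to populate the container status message, but does not point out that log content then becomes part of the pod's status and is readable by whoever can read that status. A short sentence to that effect would help users whose containers log sensitive values on failure. Separately, the limits in this hunk mix units ("4096 bytes", "12kb", "2048 bytes or 80 lines"); writing them all in bytes would remove the ambiguity around "12kb".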
@@ -1357,9 +2335,27 @@ pod_template: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have DNS + options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be injected + into the pod's hosts file if specified. This is only valid for non-hostNetwork + pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
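Review bot: in the added host_aliases block, hostnames is described as "Hostnames for the above IP address", but in this file the ip key is listed after hostnames, so "above" points at nothing. Reword it to refer to the ip field by name. The dns_policy description in the same hunk also mixes quoting styles ('ClusterFirstWithHostNet', 'ClusterFirst', 'Default' against "ClusterFirst"); pick one so the literal values are unambiguous to copy.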
@@ -1392,6 +2388,788 @@ pod_template: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init containers + are executed in order prior to containers being started. If any init + container fails, the pod is considered to have failed and is handled + according to its restartPolicy. The name for an init container or + normal container must be unique among all containers. Init containers + may not have Lifecycle actions, Readiness probes, or Liveness probes. + The resourceRequirements of an init container are taken into account + during scheduling by finding the highest request/limit for each resource + type, and then using the max of of that value or the sum of the normal + containers. Limits are applied to init containers in a similar fashion. + Init containers cannot currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is used if\ + \ this is not provided. Variable references $(VAR_NAME) are expanded\ + \ using the container's environment. If a variable cannot be resolved,\ + \ the reference in the input string will be unchanged. The $(VAR_NAME)\ + \ syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether the\ + \ variable exists or not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker image's\ + \ ENTRYPOINT is used if this is not provided. Variable references\ + \ $(VAR_NAME) are expanded using the container's environment.\ + \ If a variable cannot be resolved, the reference in the input\ + \ string will be unchanged. The $(VAR_NAME) syntax can be escaped\ + \ with a double $$, ie: $$(VAR_NAME). Escaped references will\ + \ never be expanded, regardless of whether the variable exists\ + \ or not. Cannot be updated." 
+ type: list + contains: str + env: + description: + - List of environment variables to set in the container. Cannot + be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using the previous + defined environment variables in the container and any service + environment variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot be used + if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be + defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written in + terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API version. + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources limits + and requests (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional for + env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must be a valid + secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid + keys will be reported as an event when the container is starting. + When a key exists in multiple sources, the value associated with + the last source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. 
Defaults + to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response to + container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container is created. + If the handler fails, the container is terminated and restarted + according to its restart policy. Other management of the container + blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is terminated. + The container is terminated after the handler completes. The + reason for termination is passed to the handler. Regardless + of the outcome of the handler, the container is eventually + terminated. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be restarted + if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. Exec + specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the container, + the working directory for the command is root ('/') in + the container's filesystem. The command is simply exec'd, + it is not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum value + is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows repeated + headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults to + HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before liveness + probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to 10 + seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be 1 for + liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP hooks + not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the pod + IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be updated. 
+ type: str + ports: + description: + - List of ports to expose from the container. Exposing a port here + gives the system additional information about the network connections + a container uses, but is primarily informational. Not specifying + a port here DOES NOT prevent that port from being exposed. Any + port which is listening on the default "0.0.0.0" address inside + a container will be accessible from the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. This must + be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, this must + be a valid port number, 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers do not need + this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique within + the pod. Each named port in a pod must have a unique name. + Name for the port that can be referred to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container will + be removed from service endpoints if the probe fails. Cannot be + updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. Exec + specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the container, + the working directory for the command is root ('/') in + the container's filesystem. The command is simply exec'd, + it is not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need to explicitly + call out to that shell. 
Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum value + is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows repeated + headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults to + HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before liveness + probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to 10 + seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be 1 for + liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP hooks + not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the pod + IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. 
Name must be an + IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an + implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. Defaults + to the default set of capabilities granted by the container + runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. + Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. Default + is false. + type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to + ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. 
+ type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. Defaults + to user specified in image metadata if unspecified. May also + be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. If unspecified, + the container runtime will allocate a random SELinux context + for each container. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the container. + type: str + role: + description: + - Role is a SELinux role label that applies to the container. + type: str + type: + description: + - Type is a SELinux type label that applies to the container. + type: str + user: + description: + - User is a SELinux user label that applies to the container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin in the + container runtime. If this is not set, reads from stdin in the + container will always result in EOF. Default is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel after + it has been opened by a single attach. When stdin is true the + stdin stream will remain open across multiple attach sessions. + If stdinOnce is set to true, stdin is opened on container start, + is empty until the first client attaches to stdin, and then remains + open and accepts data until the client disconnects, at which time + stdin is closed and remains closed until the container is restarted. + If this flag is false, a container processes that reads from stdin + will never receive an EOF. 
Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's termination\ + \ message will be written is mounted into the container's filesystem.\ + \ Message written is intended to be brief final status, such as\ + \ an assertion failure message. Will be truncated by the node\ + \ if greater than 4096 bytes. The total message length across\ + \ all containers will be limited to 12kb. Defaults to /dev/termination-log.\ + \ Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. File + will use the contents of terminationMessagePath to populate the + container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, also + requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. Cannot be + updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should be mounted. + Must not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false or + unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's volume should + be mounted. Defaults to "" (volume's root). + type: str + working_dir: + description: + - Container's working directory. 
If not specified, the container + runtime's default will be used, which might be configured in the + container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific node. If @@ -1410,6 +3188,11 @@ pod_template: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. If + not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common container 
@@ -1504,6 +3287,44 @@ pod_template: halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means match + all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty means + match all taint keys. If the key is empty, operator must be Exists; + this combination means to match all values and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate all taints of + a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is ignored) + tolerates the taint. By default, it is not set, which means tolerate + the taint forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If the operator + is Exists, the value should be empty, otherwise just a regular + string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging to the 
@@ -1565,6 +3386,13 @@ pod_template: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage account + Dedicated: single blob disk per storage account Managed: azure + managed data disk (only in managed availability set). defaults + to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will force the @@ -1672,8 +3500,9 @@ pod_template: specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume - setup will error. Paths must be relative and may not contain - the '..' path or start with '..'. + setup will error unless it is marked optional. Paths must + be relative and may not contain the '..' path or start with + '..'. type: list contains: key: @@ -1698,6 +3527,10 @@ pod_template: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that should @@ -1763,8 +3596,7 @@ pod_template: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -1781,6 +3613,15 @@ pod_template: default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. The maximum + usage on memory medium EmptyDir would be the minimum value + between the SizeLimit specified here and the sum of memory + limits of all containers in a pod. The default is nil which + means that the limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached to a kubelet's @@ -1952,6 +3793,14 @@ pod_template: kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. Tip: @@ -1972,11 +3821,27 @@ pod_template: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or ip_addr:port + if the port is other than default (typically TCP ports 860 + and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port 
@@ -2036,6 +3901,205 @@ pod_template: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted + on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be a filesystem + type supported by the host operating system. Ex. "ext4", "xfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and downward + API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must be a value + between 0 and 0777. Directories within the path are not affected + by this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result can + be other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data field + of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys + will not be present. If a key is specified which is + not present in the ConfigMap, the volume setup will + error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start + with '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key to. + May not be an absolute path. May not contain the + path element '..'. May not start with the string + '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be + defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only annotations, + labels, name and namespace are supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name of the\ + \ file to be created. Must not be absolute or\ + \ contain the '..' path. 
Must be utf-8 encoded.\ + \ The first item of the relative path must not\ + \ start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently + supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data field + of the referenced Secret will be projected into the + volume as a file whose name is the key and content + is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys + will not be present. If a key is specified which is + not present in the Secret, the volume setup will error + unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key to. + May not be an absolute path. May not contain the + path element '..'. May not start with the string + '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must be defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares a pod's 
@@ -2116,6 +4180,67 @@ pod_template: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage + (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation + will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, default + false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick + or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain (defaults + to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
@@ -2137,8 +4262,8 @@ pod_template: the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will - error. Paths must be relative and may not contain the '..' - path or start with '..'. + error unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. type: list contains: key: 
@@ -2159,10 +4284,57 @@ pod_template: be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted on + Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the StorageOS + API credentials. If not specified, default values will be + attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS volume. + Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within StorageOS. + If no namespace is specified then the Pod's namespace will + be used. This allows the Kubernetes name scoping to be mirrored + within StorageOS for tighter integration. Set VolumeName to + any name to override the default behaviour. Set to "default" + if you are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and mounted 
@@ -2175,6 +4347,15 @@ pod_template: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk diff --git a/library/k8s_v1_pod_template_list.py b/library/k8s_v1_pod_template_list.py index c1cc2ad7..c7def775 100644 --- a/library/k8s_v1_pod_template_list.py +++ b/library/k8s_v1_pod_template_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -210,6 +206,153 @@ pod_template_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ pod_template_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. @@ -288,7 +439,6 @@ pod_template_list: template: description: - Template defines the pods that will be created from this pod template. - http://releases.k8s.io/HEAD/docs/devel/api-conventions.md type: complex contains: metadata: 
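Review bot: In the `initializers` description added by the `-210,6 +206,153` hunk, the text says uninitialized objects are hidden "(in list/watch and get calls) from clients that haven't explicitly asked to observe uninitialized objects", but the documentation for this list module does not say whether it asks for them. Add a sentence stating which behaviour the module uses, so a reader can tell an empty result from a result that omits uninitialized objects.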
@@ -377,6 +527,158 @@ pod_template_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -414,6 +716,14 @@ pod_template_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -465,6 +775,493 @@ pod_template_list: it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. 
+ type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to an update), the system may or may + not try to eventually evict the pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. 
The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is + the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. 
+ type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. 
For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system will try to eventually evict the pod + from its node. When there are multiple elements, the lists + of nodes corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot currently @@ -536,11 +1333,17 @@ pod_template_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -569,8 +1372,7 @@ pod_template_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
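Review bot: In the `-465,6 +775,493` affinity hunk, the `required_during_scheduling_ignored_during_execution` descriptions under `pod_affinity` and `pod_anti_affinity` open with "NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented." and carry a Go declaration (`[]PodAffinityTerm` with its json tag) for a different field, RequiredDuringSchedulingRequiredDuringExecution. As a result each description makes two contradictory statements: "the system will try to eventually evict the pod" and "the system may or may not try to eventually evict the pod". Keep only the second paragraph, which matches the field name, so that nobody relying on anti-affinity for workload separation reads the stricter eviction guarantee into it. The same hunk also has "Valid operators ard In" and "DoesNotExist. Gt, and Lt." in the operator descriptions.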
@@ -589,6 +1391,53 @@ pod_template_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -665,8 +1514,7 @@ pod_template_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
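Review bot: Spelling in the descriptions added by the `-589,6 +1391,53` hunk: "the Secret or it's key" should read "its key" (the ConfigMap `optional` text in the `-536,11 +1333,17` hunk has the same slip), and the `prefix` description under `env_from` has "identifer" for "identifier". These strings appear verbatim in the rendered module documentation, so they are worth correcting before merge.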
@@ -678,13 +1526,17 @@ pod_template_list: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is terminated. @@ -747,8 +1599,7 @@ pod_template_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -760,13 +1611,17 @@ pod_template_list: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be restarted @@ -830,8 +1685,7 @@ pod_template_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
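Review bot: The `port` fields in the `-678,13`, `-747,8`, `-760,13` and `-830,8` hunks change from `type: complex` with `contains: {}` to `type: str`, while their descriptions still say "Name or number of the port" with the number "in the range 1 to 65535". Say in the description how a numeric port is represented under `type: str`, so that anyone comparing a returned value against an expected port number knows whether to compare it as a string or as an integer.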
@@ -859,13 +1713,17 @@ pod_template_list: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -977,8 +1835,7 @@ pod_template_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1006,13 +1863,17 @@ pod_template_list: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -1028,7 +1889,7 @@ pod_template_list: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -1036,10 +1897,10 @@ pod_template_list: to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
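Review bot: The `security_context` description in the `-1036,10 +1897,10` hunk now ends with "More info:" and nothing after it. Either restore the reference the text is meant to point at or drop the trailing "More info:" so the rendered documentation does not end on a dangling label. In the same hunk and in `-1028,7 +1889,7`, `contains: str, ResourceQuantity` becomes `contains: str, str`; a short note on the expected quantity format would replace what the type name used to convey.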
@@ -1140,7 +2001,20 @@ pod_template_list: \ termination message will be written is mounted into the\ \ container's filesystem. Message written is intended to be\ \ brief final status, such as an assertion failure message.\ - \ Defaults to /dev/termination-log. Cannot be updated." + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: str tty: description: @@ -1180,9 +2054,27 @@ pod_template_list: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have + DNS options set along with hostNetwork, you have to specify DNS + policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be + injected into the pod's hosts file if specified. This is only + valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
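Review bot: in the @@ -1180,9 +2054,27 hunk, host_aliases.hostnames is described as "Hostnames for the above IP address", but the keys are emitted in alphabetical order, so hostnames is listed before ip and there is no IP "above" it. Reword to refer to the field by name, for example "Hostnames for the address given in ip". The host_aliases description also says it is "only valid for non-hostNetwork pods" without saying what happens when it is set on a hostNetwork pod; if that is known, it is worth one sentence, since these entries change name resolution inside the pod.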
@@ -1215,6 +2107,805 @@ pod_template_list: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init containers + are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and + is handled according to its restartPolicy. The name for an init + container or normal container must be unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container + are taken into account during scheduling by finding the highest + request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are + applied to init containers in a similar fashion. Init containers + cannot currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is used\ + \ if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a variable\ + \ cannot be resolved, the reference in the input string will\ + \ be unchanged. The $(VAR_NAME) syntax can be escaped with\ + \ a double $$, ie: $$(VAR_NAME). Escaped references will never\ + \ be expanded, regardless of whether the variable exists or\ + \ not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided. Variable\ + \ references $(VAR_NAME) are expanded using the container's\ + \ environment. If a variable cannot be resolved, the reference\ + \ in the input string will be unchanged. The $(VAR_NAME) syntax\ + \ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. 
Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. Cannot + be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using the + previous defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot be + used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API + version. + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must be + a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. 
Defaults + to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container is created. + If the handler fails, the container is terminated and + restarted according to its restart policy. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is terminated. + The container is terminated after the handler completes. + The reason for termination is passed to the handler. Regardless + of the outcome of the handler, the container is eventually + terminated. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be restarted + if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be updated. 
+ type: str + ports: + description: + - List of ports to expose from the container. Exposing a port + here gives the system additional information about the network + connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from + being exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible from + the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. This + must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, this + must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have a unique + name. Name for the port that can be referred to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container will + be removed from service endpoints if the probe fails. Cannot + be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. 
Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. 
Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to + an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. + Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. + type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, + no such validation will be performed. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. If + unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the container. + type: str + role: + description: + - Role is a SELinux role label that applies to the container. + type: str + type: + description: + - Type is a SELinux type label that applies to the container. + type: str + user: + description: + - User is a SELinux user label that applies to the container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from stdin + in the container will always result in EOF. Default is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. When stdin is + true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client attaches + to stdin, and then remains open and accepts data until the + client disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag is false, + a container processes that reads from stdin will never receive + an EOF. 
Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into the\ + \ container's filesystem. Message written is intended to be\ + \ brief final status, such as an assertion failure message.\ + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, also + requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. Cannot + be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should be + mounted. Must not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's volume + should be mounted. Defaults to "" (volume's root). + type: str + working_dir: + description: + - Container's working directory. 
If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific node. @@ -1233,6 +2924,11 @@ pod_template_list: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
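Review bot: the init_containers description added in the @@ -1215,6 +2107,805 hunk states "Init containers may not have Lifecycle actions, Readiness probes, or Liveness probes", yet the same hunk documents lifecycle, liveness_probe and readiness_probe as children of init_containers. Either drop those three sub-trees here or note on each that the field is not permitted for init containers, otherwise the docs contradict themselves. Within the same hunk, readiness_probe.initial_delay_seconds says "before liveness probes are initiated" and readiness_probe.success_threshold says "Must be 1 for liveness"; both read as carried over from liveness_probe and should name the readiness probe. There is also a doubled word in "using the max of of that value".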
@@ -1329,6 +3025,46 @@ pod_template_list: longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means match + all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. Valid + operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it is not set, which + means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by + the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If the + operator is Exists, the value should be empty, otherwise just + a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging to 
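Review bot: the top-level tolerations description in this hunk is only "If specified, the pod's tolerations.", while the children document wildcard behaviour that deserves a mention there: key says "Empty means match all taint keys", effect says "Empty means match all taint effects", and toleration_seconds left unset "means tolerate the taint forever (do not evict)". Taken together, an entry with an empty key, operator Exists and no effect tolerates every taint indefinitely. Please add a sentence to the tolerations description stating that, so someone auditing returned pod specs knows what an almost-empty toleration entry means.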
@@ -1392,6 +3128,13 @@ pod_template_list: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed availability + set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will force @@ -1501,9 +3244,9 @@ pod_template_list: the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in - the ConfigMap, the volume setup will error. Paths must - be relative and may not contain the '..' path or start - with '..'. + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. type: list contains: key: @@ -1529,6 +3272,10 @@ pod_template_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that should @@ -1597,8 +3344,7 @@ pod_template_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
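Review bot: in the @@ -1529,6 +3272,10 hunk the new boolean is named optional, but its description is "Specify whether the ConfigMap or it's keys must be defined", which reads as the opposite polarity: it is not clear whether true means "may be absent" or "must be defined". The items description in the preceding hunk ("the volume setup will error unless it is marked optional") implies the former; please word the field the same way, for example "If true, a missing ConfigMap or key is not treated as an error". Also "it's" should be "its". In the @@ -1392,6 +3128,13 hunk on the same line, the kind description has a typo ("mulitple") and says "defaults to shared" while the listed value is "Shared".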
@@ -1615,6 +3361,15 @@ pod_template_list: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified here and + the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached to @@ -1789,6 +3544,14 @@ pod_template_list: a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -1809,11 +3572,27 @@ pod_template_list: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or + ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port 
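Review bot: secret_ref in the @@ -1809,11 +3572,27 hunk is described as "CHAP secret for iSCSI target and initiator authentication", and the preceding hunk adds chap_auth_discovery and chap_auth_session, but nothing documents how the three relate. Please state whether secret_ref is expected when either flag is true and what the result looks like when the flags are set without it. The two flag descriptions ("whether support iSCSI Discovery CHAP authentication") are also ungrammatical; "Whether iSCSI discovery CHAP authentication is enabled" would match the style of the other boolean fields.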
@@ -1875,6 +3654,209 @@ pod_template_list: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted + on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and downward + API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must be + a value between 0 and 0777. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must + be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only + annotations, labels, name and namespace are + supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not be absolute\ + \ or contain the '..' path. Must be utf-8\ + \ encoded. 
The first item of the relative\ + \ path must not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only + resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the Secret, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must be + defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
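Review bot: under `projected`, `default_mode` and every per-item `mode` are declared `type: int` with "must be a value between 0 and 0777", and nothing says that 0777 is octal. These bits control the permissions of projected Secret and ConfigMap files, so someone who writes 644 expecting rw-r--r-- does not get it. Please spell out the notation in the description, for example that octal 0644 is decimal 420. Minor: the config_map `optional` description reads "the ConfigMap or it's keys must be defined"; it should be "its", as the secret `optional` further down in this same hunk already has. The `portworx_volume` `fs_type` text is also missing a full stop in "type to mount Must be".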
@@ -1957,6 +3939,67 @@ pod_template_list: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and + mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage + (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and + other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick + or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
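Review bot: `ssl_enabled` under `scale_io` is documented as "Flag to enable/disable SSL communication with Gateway, default false", directly after a `secret_ref` that holds the "ScaleIO user and other sensitive information" needed for login. An off-by-default transport setting next to credentials deserves more than a one-line flag description: please say in the text what travels to the `gateway` when this is left at false, and consider recommending true in the description. The `gateway` description ("The host address of the ScaleIO API Gateway.") also does not say whether a scheme or port is expected, which matters once `ssl_enabled` is involved.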
@@ -1979,8 +4022,9 @@ pod_template_list: If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, - the volume setup will error. Paths must be relative and - may not contain the '..' path or start with '..'. + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. type: list contains: key: 
@@ -2002,10 +4046,58 @@ pod_template_list: not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the + StorageOS API credentials. If not specified, default values + will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within + StorageOS. If no namespace is specified then the Pod's + namespace will be used. This allows the Kubernetes name + scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and mounted 
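Review bot: the `storageos` `secret_ref` description says "If not specified, default values will be attempted" without naming those values, so a reader cannot tell that omitting the field means the volume plugin falls back to default API credentials rather than failing. Please state that plainly, or document that `secret_ref` should always be set. Two smaller points in the same hunk: the new secret `optional` reads "the Secret or it's keys" ("its"), and the `volume_namespace` text says "Set VolumeName to any name to override the default behaviour", which reads as if it refers to the wrong field and should be checked against the intent.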
@@ -2018,6 +4110,15 @@ pod_template_list: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk diff --git a/library/k8s_v1_replication_controller.py b/library/k8s_v1_replication_controller.py index 11771bf7..56a190bc 100644 --- a/library/k8s_v1_replication_controller.py +++ b/library/k8s_v1_replication_controller.py 
@@ -131,6 +131,98 @@ options: aliases: - active_deadline_seconds type: int + spec_template_spec_affinity_node_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_node_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms: + description: + - Required. A list of node selector terms. The terms are ORed. + aliases: + - affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms + type: list + spec_template_spec_affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. 
+ aliases: + - affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' + aliases: + - affinity_pod_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the anti-affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' 
+ aliases: + - affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account token should + be automatically mounted. + aliases: + - automount_service_account_token + type: bool spec_template_spec_containers: description: - List of containers belonging to the pod. Containers cannot currently be added @@ -140,10 +232,18 @@ options: type: list spec_template_spec_dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' or 'Default'. - Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have DNS options + set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. aliases: - dns_policy + spec_template_spec_host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be injected into + the pod's hosts file if specified. This is only valid for non-hostNetwork pods. + aliases: + - host_aliases + type: list spec_template_spec_host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
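Review bot: in the options hunk (-131,6 +131,98), the descriptions of `spec_template_spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution` and its anti-affinity twin open with "NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented." and embed what appears to be a source declaration, "RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"`". The text then describes two different behaviours in a row ("the system will try to eventually evict the pod" followed by "the system may or may not try to eventually evict the pod"), so a user cannot tell whether the option works or which eviction semantics apply. Please keep only the paragraph that matches the IgnoredDuringExecution field and drop the TODO and the struct text. Separately, `spec_template_spec_automount_service_account_token` has no documented default; since it decides whether a service account token is mounted into every pod of the template, the description should say what happens when it is omitted.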
@@ -179,6 +279,21 @@ options: aliases: - image_pull_secrets type: list + spec_template_spec_init_containers: + description: + - List of initialization containers belonging to the pod. Init containers are + executed in order prior to containers being started. If any init container fails, + the pod is considered to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be unique among all + containers. Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container are taken + into account during scheduling by finding the highest request/limit for each + resource type, and then using the max of of that value or the sum of the normal + containers. Limits are applied to init containers in a similar fashion. Init + containers cannot currently be added or removed. Cannot be updated. + aliases: + - init_containers + type: list spec_template_spec_node_name: description: - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, @@ -200,6 +315,12 @@ options: Never. Default to Always. aliases: - restart_policy + spec_template_spec_scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. If not specified, + the pod will be dispatched by default scheduler. + aliases: + - scheduler_name spec_template_spec_security_context_fs_group: description: - "A special supplemental group that applies to all containers in a pod. Some\ @@ -288,6 +409,12 @@ options: aliases: - termination_grace_period_seconds type: int + spec_template_spec_tolerations: + description: + - If specified, the pod's tolerations. + aliases: + - tolerations + type: list spec_template_spec_volumes: description: - List of volumes that can be mounted by containers belonging to the pod. 
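Review bot: `spec_template_spec_scheduler_name` is added with a description and an alias but no `type:` line, while the neighbouring new options (`spec_template_spec_init_containers`, `spec_template_spec_tolerations`) declare `type: list`; please add the type so the option is documented consistently. `spec_template_spec_tolerations` says only "If specified, the pod's tolerations.", which gives no hint of what a list item looks like; a sentence on the item structure or a pointer to the return documentation would help. Typo in the init_containers text: "using the max of of that value".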
@@ -325,7 +452,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
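Review bot: the requirement moves from "kubernetes == 1.0.0" to "kubernetes == 3.0.0" as an exact pin, and nothing in the visible lines says whether the module checks the installed client version at run time. With an exact pin across two major versions, a host that still has the old client will accept the new options in the documentation and then fail or silently ignore them. Please either confirm there is a version check with a clear error message, or add one, and mention in the description which cluster API level the 3.0.0 client corresponds to. The same bump is made in k8s_v1_binding.py, so the answer should cover both files.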
@@ -434,6 +561,150 @@ replication_controller: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -469,6 +740,14 @@ replication_controller: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -622,6 +901,158 @@ replication_controller: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -659,6 +1090,14 @@ replication_controller: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
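Review bot: the `initializers` return block added in hunk -622,6 +901,158 is the same text as the one added in -434,6 +561,150 and in k8s_v1_binding.py, differing only in indentation and line wrapping, which makes roughly 150 lines per copy that no reviewer can meaningfully compare by eye. If these RETURN sections are generated, please say so in the commit message along with the generator input, so nobody hand-edits one copy; if they are hand-maintained, the duplication needs a different approach. In all copies the `field` description has lost its line structure, 'Examples: "name" - the field "name" on the current resource "items[0].name" - the field "name" on the first array entry in "items"', so the two examples run together; please separate them. The `uid` description "UID of the resource. (when there is a single resource which can be described)." also has a stray full stop before the parenthesis.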
@@ -710,6 +1149,493 @@ replication_controller: it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. 
+ type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to an update), the system may or may + not try to eventually evict the pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. 
The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is + the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. 
+ type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. 
For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system will try to eventually evict the pod + from its node. When there are multiple elements, the lists + of nodes corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot currently @@ -781,11 +1707,17 @@ replication_controller: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -814,8 +1746,7 @@ replication_controller: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
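Review bot: In the affinity hunk (@@ -710,6 +1149,493 @@), the description added for pod_affinity.required_during_scheduling_ignored_during_execution opens with 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented.' and embeds a raw Go declaration (RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm with its json tag) before repeating the same paragraph with different wording. It reads as the comment of a commented-out field merged into this field's documentation, so the user is told that the field is unimplemented and, in one paragraph, that the system 'will try to eventually evict the pod' and, in the next, that it 'may or may not try'. Keep only the second paragraph; the pod_anti_affinity copy in the same hunk has the same problem. The operator descriptions in this hunk also carry 'ard' for 'are' and 'DoesNotExist. Gt, and Lt.' with a period where a comma belongs.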
@@ -834,6 +1765,53 @@ replication_controller: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -910,8 +1888,7 @@ replication_controller: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
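Review bot: In the env_from hunk (@@ -834,6 +1765,53 @@), the new optional fields under config_map_ref and secret_ref are described as 'Specify whether the ConfigMap must be defined' and 'Specify whether the Secret must be defined', which reads as the opposite of the field name, so a reader cannot tell whether optional: true means the object is required or may be absent. State explicitly in each description what a value of true means. In the same hunk, 'identifer' in the prefix description should be 'identifier', and 'it's key' in the secret_key_ref optional description at the top of the hunk should be 'its key'.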
@@ -923,13 +1900,17 @@ replication_controller: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is terminated. @@ -992,8 +1973,7 @@ replication_controller: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1005,13 +1985,17 @@ replication_controller: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be restarted @@ -1075,8 +2059,7 @@ replication_controller: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
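Review bot: In the tcp_socket hunks for post_start and pre_stop (@@ -923,13 +1900,17 @@ and @@ -1005,13 +1985,17 @@), a host option is added under a parent description whose unchanged context still says 'TCP hooks not yet supported'. As documented, a user cannot tell whether setting host on a lifecycle tcp_socket has any effect. Either say in the host description that it is not honoured for lifecycle hooks, or update the parent description if that statement no longer holds for the kubernetes == 3.0.0 requirement this patch moves to.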
@@ -1104,13 +2087,17 @@ replication_controller: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -1222,8 +2209,7 @@ replication_controller: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1251,13 +2237,17 @@ replication_controller: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -1273,7 +2263,7 @@ replication_controller: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -1281,10 +2271,10 @@ replication_controller: to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
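Review bot: In the security_context hunk (@@ -1281,10 +2271,10 @@), the new description 'Security options the pod should run with. More info:' ends on a dangling 'More info:' with nothing after it. Either add the link that was meant to follow, or keep the previous sentence without the suffix; as it stands the change only adds quoting and a reference that leads nowhere.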
@@ -1385,7 +2375,20 @@ replication_controller: \ termination message will be written is mounted into the\ \ container's filesystem. Message written is intended to be\ \ brief final status, such as an assertion failure message.\ - \ Defaults to /dev/termination-log. Cannot be updated." + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: str tty: description: @@ -1425,9 +2428,27 @@ replication_controller: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have + DNS options set along with hostNetwork, you have to specify DNS + policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be + injected into the pod's hosts file if specified. This is only + valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
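Review bot: In the host_aliases hunk (@@ -1425,9 +2428,27 @@), hostnames is described as 'Hostnames for the above IP address.', but in this listing ip is documented after hostnames, so 'above' points at nothing. Reword it to refer to the field by name, for example 'Hostnames for the IP address given in ip.' The dns_policy text in the same hunk also mixes quoting styles for the same value ('ClusterFirst' and "ClusterFirst"); pick one.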
@@ -1460,6 +2481,805 @@ replication_controller: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init containers + are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and + is handled according to its restartPolicy. The name for an init + container or normal container must be unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container + are taken into account during scheduling by finding the highest + request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are + applied to init containers in a similar fashion. Init containers + cannot currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is used\ + \ if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a variable\ + \ cannot be resolved, the reference in the input string will\ + \ be unchanged. The $(VAR_NAME) syntax can be escaped with\ + \ a double $$, ie: $$(VAR_NAME). Escaped references will never\ + \ be expanded, regardless of whether the variable exists or\ + \ not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided. Variable\ + \ references $(VAR_NAME) are expanded using the container's\ + \ environment. If a variable cannot be resolved, the reference\ + \ in the input string will be unchanged. The $(VAR_NAME) syntax\ + \ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. 
Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. Cannot + be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using the + previous defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot be + used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API + version. + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must be + a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. 
Defaults + to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container is created. + If the handler fails, the container is terminated and + restarted according to its restart policy. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is terminated. + The container is terminated after the handler completes. + The reason for termination is passed to the handler. Regardless + of the outcome of the handler, the container is eventually + terminated. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be restarted + if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be updated. 
+ type: str + ports: + description: + - List of ports to expose from the container. Exposing a port + here gives the system additional information about the network + connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from + being exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible from + the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. This + must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, this + must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have a unique + name. Name for the port that can be referred to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container will + be removed from service endpoints if the probe fails. Cannot + be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. 
Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. 
Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to + an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. + Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. + type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, + no such validation will be performed. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. If + unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the container. + type: str + role: + description: + - Role is a SELinux role label that applies to the container. + type: str + type: + description: + - Type is a SELinux type label that applies to the container. + type: str + user: + description: + - User is a SELinux user label that applies to the container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from stdin + in the container will always result in EOF. Default is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. When stdin is + true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client attaches + to stdin, and then remains open and accepts data until the + client disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag is false, + a container processes that reads from stdin will never receive + an EOF. 
Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into the\ + \ container's filesystem. Message written is intended to be\ + \ brief final status, such as an assertion failure message.\ + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, also + requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. Cannot + be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should be + mounted. Must not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's volume + should be mounted. Defaults to "" (volume's root). + type: str + working_dir: + description: + - Container's working directory. 
If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific node. @@ -1478,6 +3298,11 @@ replication_controller: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
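Review bot: in the container fields of the large hunk that ends just before the `scheduler_name` hunk, the `security_context` description stops at "More info:" with nothing after it, so the one pointer a reader of `privileged`, `capabilities` and `run_as_non_root` would follow is missing. Restore the link or drop the trailing phrase. In the same hunk, the `readiness_probe` copies of `initial_delay_seconds` ("before liveness probes are initiated") and `success_threshold` ("Must be 1 for liveness") read as pasted from `liveness_probe` and should be worded for readiness.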
@@ -1574,6 +3399,46 @@ replication_controller: longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means match + all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. Valid + operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it is not set, which + means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by + the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If the + operator is Exists, the value should be empty, otherwise just + a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging to 
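Review bot: the match-everything case in `tolerations` is only implied across separate field descriptions. An empty `key` with `operator` Exists matches all keys and values, and an empty `effect` matches all taint effects, so one toleration with those settings tolerates every taint. The top-level description says only "If specified, the pod's tolerations."; state the wildcard combination there once so that someone auditing returned pod specs knows what to look for. The `value` text ("otherwise just a regular string") could also be tightened to say it must equal the taint value when `operator` is Equal.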
@@ -1637,6 +3502,13 @@ replication_controller: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed availability + set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will force @@ -1746,9 +3618,9 @@ replication_controller: the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in - the ConfigMap, the volume setup will error. Paths must - be relative and may not contain the '..' path or start - with '..'. + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. type: list contains: key: @@ -1774,6 +3646,10 @@ replication_controller: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that should @@ -1842,8 +3718,7 @@ replication_controller: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -1860,6 +3735,15 @@ replication_controller: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified here and + the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached to @@ -2034,6 +3918,14 @@ replication_controller: a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -2054,11 +3946,27 @@ replication_controller: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or + ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port 
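Review bot: `secret_ref` in this hunk does not say when it is used or what the Secret has to contain. The previous hunk adds `chap_auth_discovery` and `chap_auth_session`, but neither description mentions `secret_ref`, so the link between enabling CHAP and supplying the credentials has to be guessed; a cross-reference in both directions would fix that. `portals` also repeats the `target_portal` wording without saying how the two fields relate (additional portals, or a replacement for the single one).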
@@ -2120,6 +4028,209 @@ replication_controller: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted + on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and downward + API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must be + a value between 0 and 0777. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must + be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only + annotations, labels, name and namespace are + supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not be absolute\ + \ or contain the '..' path. Must be utf-8\ + \ encoded. 
The first item of the relative\ + \ path must not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only + resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the Secret, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must be + defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
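Review bot: `default_mode` and every `mode` field in this hunk are documented as "a value between 0 and 0777" with `type: int`, and nothing says whether a supplied value is read as octal or decimal. These fields set file permissions on projected Secret and ConfigMap data, so a value interpreted in the wrong base produces different permission bits than the author intended; the description should name the base. The `optional` text is also inconsistent within the hunk: "it's keys" under `config_map` versus "its key" under `secret`; "its keys" is the correct form for both.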
@@ -2202,6 +4313,67 @@ replication_controller: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and + mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage + (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and + other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick + or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
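Review bot: `ssl_enabled` is documented as "default false" while `secret_ref` in the same block holds the ScaleIO user and "other sensitive information" used to log in through `gateway`. The description should say plainly that leaving the default means Gateway communication runs without SSL, so that it reads as an explicit choice rather than a detail. `secret_ref` is also effectively mandatory ("If this is not provided, Login operation will fail") but the text never calls it required; say so in the first sentence.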
@@ -2224,8 +4396,9 @@ replication_controller: If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, - the volume setup will error. Paths must be relative and - may not contain the '..' path or start with '..'. + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. type: list contains: key: 
@@ -2247,10 +4420,58 @@ replication_controller: not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the + StorageOS API credentials. If not specified, default values + will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within + StorageOS. If no namespace is specified then the Pod's + namespace will be used. This allows the Kubernetes name + scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and mounted 
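Review bot: the `storageos` `secret_ref` description says "If not specified, default values will be attempted" without saying what those defaults are; a silent fallback to default API credentials should be spelled out or the sentence should point to where it is defined. In `volume_namespace`, "Set VolumeName to any name to override the default behaviour" appears to name the wrong field, and "Namespaces that do not pre-exist within StorageOS will be created" is a side effect that deserves its own sentence near the top. The `optional` description at the start of the hunk has "it's keys" where "its keys" is meant.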
@@ -2263,6 +4484,15 @@ replication_controller: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk diff --git a/library/k8s_v1_replication_controller_list.py b/library/k8s_v1_replication_controller_list.py index 0828c636..e8009135 100644 --- a/library/k8s_v1_replication_controller_list.py +++ b/library/k8s_v1_replication_controller_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
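Review bot: `kubernetes == 3.0.0` in the requirements hunk is an exact pin, so the documented requirement excludes every later client release, including ones that carry fixes. If the module only depends on the 3.0.0 API surface, consider whether a minimum version is what is meant and document it that way; if the exact pin is intentional, a short reason next to it would help whoever bumps it next.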
@@ -212,6 +208,153 @@ replication_controller_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -248,6 +391,14 @@ replication_controller_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
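Review bot: the `block_owner_deletion` description states the permission requirement ('a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned') without saying which identity is checked. Name it, presumably the credentials this module connects to the API server with. Consider putting the 422 sentence on its own line of the description so it is not read as part of 'Defaults to false.'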
@@ -412,6 +563,162 @@ replication_controller_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system + invariant at object creation time. This field is a list of + initializers that have not yet acted on this object. If nil + or empty, this object has been completely initialized. Otherwise, + the object is considered uninitialized and is hidden (in list/watch + and get calls) from clients that haven't explicitly asked + to observe uninitialized objects. When an object is created, + the system will populate this list with the current set of + initializers. Only privileged users may set or modify this + list. Once it is empty, it may not be modified further by + any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in + order before this object is visible. When the last pending + initializer is removed, and no failing result is set, + the initializers struct will be set to nil and the object + is considered as initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will + be persisted to storage and then deleted, ensuring that + other clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not + set. + type: int + details: + description: + - Extended data associated with the reason. 
Each reason + may define its own extended details. This field is + optional and the data returned is not guaranteed to + conform to any schema except that defined by the reason + type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused + this error, as named by its JSON serialization. + May include dot and postfix notation for nested + attributes. Arrays are zero-indexed. Fields + may appear more than once in an array of causes + due to fields having multiple errors. Optional. + Examples: "name" - the field "name" on the + current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause + of the error. This field may be presented + as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause + of the error. If this value is empty there + is no information available. + type: str + group: + description: + - The group attribute of the resource associated + with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated + with the status StatusReason. On some operations + may differ from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated + with the status StatusReason (when there is a + single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). 
+ type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. Servers may infer this from + the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this + operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to + determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified + back to the server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation + is in the "Failure" status. If this value is empty + there is no information available. A Reason clarifies + an HTTP status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize @@ -450,6 +757,15 @@ replication_controller_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. Defaults to false. + To set this field, a user needs "delete" permission of + the owner, otherwise 422 (Unprocessable Entity) will be + returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -502,6 +818,510 @@ replication_controller_list: try to mark it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by + this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies + to. + type: str + operator: + description: + - Represents a key's relationship to a set + of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must + be non-empty. If the operator is Exists + or DoesNotExist, the values array must + be empty. If the operator is Gt or Lt, + the values array must have a single element, + which will be interpreted as an integer. 
+ This array is replaced during a strategic + merge patch. + type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the + system may or may not try to eventually evict the + pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies + to. + type: str + operator: + description: + - Represents a key's relationship to a set + of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must + be non-empty. If the operator is Exists + or DoesNotExist, the values array must + be empty. If the operator is Gt or Lt, + the values array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by + this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) with the + highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with + the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in + this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the + labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + For PreferredDuringScheduling pod anti-affinity, + empty topologyKey is interpreted as "all topologies" + ("all topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not + allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it + is implemented. If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system will try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must + be satisfied. 
RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some + other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by + iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches + the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. 
A pod affinity term, associated with + the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in + this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the + labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. 
+ For PreferredDuringScheduling pod anti-affinity, + empty topologyKey is interpreted as "all topologies" + ("all topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not + allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it + is implemented. If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this + field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system will + try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this + field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot @@ -575,11 +1395,17 @@ replication_controller_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key + must be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -609,8 +1435,7 @@ replication_controller_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
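Review bot: in the `@@ -502,6 +818,510 @@` hunk, the `required_during_scheduling_ignored_during_execution` descriptions under `pod_affinity` and `pod_anti_affinity` open with 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented.' and embed a Go declaration (`RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm ...`). The paragraph is then repeated with different eviction wording ('will try to eventually evict' versus 'may or may not try'). The text of a field that is still commented out has been merged into this one, so a reader cannot tell which behaviour applies. Keep only the second paragraph, which matches the field name. The same hunk repeats two typos: 'Valid operators ard In' and 'Exists, DoesNotExist. Gt, and Lt.'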
@@ -629,6 +1454,53 @@ replication_controller_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must + be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the + container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an + event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the + ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -707,8 +1579,7 @@ replication_controller_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. 
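Review bot: the `port` field at the end of this line changes from `type: complex` / `contains: {}` to `type: str`, but its description still reads 'Name or number of the port' with a numeric range of 1 to 65535. Say in the description whether a numeric port comes back as a string, because a task that compares the value against an integer would then never match. The other `port` fields that this patch changes the same way need the same sentence.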
@@ -720,13 +1591,17 @@ replication_controller_list: port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is @@ -790,8 +1665,7 @@ replication_controller_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. @@ -803,13 +1677,17 @@ replication_controller_list: port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be @@ -874,8 +1752,7 @@ replication_controller_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
@@ -903,13 +1780,17 @@ replication_controller_list: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. @@ -1025,8 +1906,7 @@ replication_controller_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1054,13 +1934,17 @@ replication_controller_list: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. @@ -1077,7 +1961,7 @@ replication_controller_list: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -1085,10 +1969,10 @@ replication_controller_list: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
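Review bot: the new `security_context` description ends in 'More info:' with nothing after it, so the reference the phrase introduces has been lost. Either restore the link or keep the previous wording ('Security options the pod should run with.'). Check whether other descriptions that were regenerated were truncated in the same way.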
@@ -1194,8 +2078,21 @@ replication_controller_list: \ termination message will be written is mounted into\ \ the container's filesystem. Message written is intended\ \ to be brief final status, such as an assertion failure\ - \ message. Defaults to /dev/termination-log. Cannot be\ - \ updated." + \ message. Will be truncated by the node if greater than\ + \ 4096 bytes. The total message length across all containers\ + \ will be limited to 12kb. Defaults to /dev/termination-log.\ + \ Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to + populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. type: str tty: description: 
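Review bot: `termination_message_policy` documents that FallbackToLogsOnError uses 'the last chunk of container log output' to populate the container status message, but does not point out that log content then becomes visible to anyone who can read pod status. Add a sentence to that effect so users choose the policy knowingly. The size limits in this hunk are also written inconsistently ('4096 bytes', '12kb', '2048 bytes or 80 lines'); spell the 12kb figure with the same unit style as the others.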
@@ -1236,9 +2133,27 @@ replication_controller_list: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To + have DNS options set along with hostNetwork, you have to specify + DNS policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will + be injected into the pod's hosts file if specified. This is + only valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
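Review bot: under `host_aliases`, `hostnames` is described as 'Hostnames for the above IP address.' but `ip` is listed after it here, so 'above' refers to nothing. Reword it to name the `ip` field. In the `dns_policy` text of the same hunk, the quoting is mixed ('ClusterFirst' in single quotes, then "ClusterFirst" in double quotes), and 'specify DNS policy explicitly to' reads better as 'set DNS policy explicitly to'.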
@@ -1272,6 +2187,825 @@ replication_controller_list: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init + containers are executed in order prior to containers being + started. If any init container fails, the pod is considered + to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be + unique among all containers. Init containers may not have + Lifecycle actions, Readiness probes, or Liveness probes. The + resourceRequirements of an init container are taken into account + during scheduling by finding the highest request/limit for + each resource type, and then using the max of of that value + or the sum of the normal containers. Limits are applied to + init containers in a similar fashion. Init containers cannot + currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is\ + \ used if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a\ + \ variable cannot be resolved, the reference in the input\ + \ string will be unchanged. The $(VAR_NAME) syntax can\ + \ be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided.\ + \ Variable references $(VAR_NAME) are expanded using the\ + \ container's environment. If a variable cannot be resolved,\ + \ the reference in the input string will be unchanged.\ + \ The $(VAR_NAME) syntax can be escaped with a double\ + \ $$, ie: $$(VAR_NAME). 
Escaped references will never\ + \ be expanded, regardless of whether the variable exists\ + \ or not. Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. + Cannot be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using + the previous defined environment variables in the + container and any service environment variables. If + a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot + be used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key + must be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. 
+ type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently + supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must + be a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must + be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the + container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an + event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the + ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container + is created. If the handler fails, the container is + terminated and restarted according to its restart + policy. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run + inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP + allows repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is + terminated. The container is terminated after the + handler completes. The reason for termination is passed + to the handler. Regardless of the outcome of the handler, + the container is eventually terminated. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run + inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP + allows repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be + restarted if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. 
+ type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started + before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be + updated. + type: str + ports: + description: + - List of ports to expose from the container. Exposing a + port here gives the system additional information about + the network connections a container uses, but is primarily + informational. Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which is listening + on the default "0.0.0.0" address inside a container will + be accessible from the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If + HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have + a unique name. Name for the port that can be referred + to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to + "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. + Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. 
+ type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started + before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. 
Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be + updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted + by the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the + host. Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. 
+ type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image + at runtime to ensure that it does not run as UID 0 + (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate + a random SELinux context for each container. May also + be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the + container. + type: str + role: + description: + - Role is a SELinux role label that applies to the + container. + type: str + type: + description: + - Type is a SELinux type label that applies to the + container. + type: str + user: + description: + - User is a SELinux user label that applies to the + container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default + is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. 
When stdin + is true the stdin stream will remain open across multiple + attach sessions. If stdinOnce is set to true, stdin is + opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If + this flag is false, a container processes that reads from + stdin will never receive an EOF. Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into\ + \ the container's filesystem. Message written is intended\ + \ to be brief final status, such as an assertion failure\ + \ message. Will be truncated by the node if greater than\ + \ 4096 bytes. The total message length across all containers\ + \ will be limited to 12kb. Defaults to /dev/termination-log.\ + \ Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to + populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, + also requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should + be mounted. Must not contain ':'. 
+ type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's + root). + type: str + working_dir: + description: + - Container's working directory. If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific @@ -1290,6 +3024,11 @@ replication_controller_list: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
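Review bot: in the init_containers hunk (@@ -1272,6 +2187,825), the security_context description stops at "Security options the pod should run with. More info:" with no link after it, so the reader is pointed at a reference that is missing, just before the privileged and capabilities fields. Either restore the URL or drop "More info:". In the same hunk, initial_delay_seconds under readiness_probe says "before liveness probes are initiated", which looks copied from liveness_probe; "before the probe is initiated" would fit both. Typos to fix while here: "the max of of that value", "it's key" (twice, should be "its"), "identifer", and "a container processes that reads".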
@@ -1388,6 +3127,46 @@ replication_controller_list: Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means + match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a + pod can tolerate all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If + the operator is Exists, the value should be empty, otherwise + just a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging 
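Review bot: the top-level tolerations description ("If specified, the pod's tolerations.") says nothing about what a toleration permits. The sub-fields, meanwhile, document that an empty key with operator Exists matches all keys and values and that an empty effect matches all effects. Taken together, an entry with only operator: Exists tolerates every taint, which is worth stating once at the top level rather than leaving the reader to combine three field descriptions. Suggest expanding the top-level text to describe the purpose and to call out that match-everything combination.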
@@ -1452,6 +3231,13 @@ replication_controller_list: "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will @@ -1564,8 +3350,9 @@ replication_controller_list: projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will - error. Paths must be relative and may not contain - the '..' path or start with '..'. + error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start + with '..'. type: list contains: key: @@ -1592,6 +3379,11 @@ replication_controller_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be + defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that @@ -1662,8 +3454,7 @@ replication_controller_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
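Review bot: in the kind description added at @@ -1452,6 +3231,13, the three accepted values are run into a single unpunctuated sentence, "mulitple" is misspelled, and the default is written "shared" while the value itself is "Shared". Suggest separating the values with semicolons or listing them, and writing "Defaults to Shared." so the default matches the literal a user has to supply. The optional description added at @@ -1592,6 +3379,11 also has "it's keys" where "its keys" is meant.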
@@ -1680,6 +3471,16 @@ replication_controller_list: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir + would be the minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. The default is nil which means that the + limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached @@ -1857,6 +3658,14 @@ replication_controller_list: to a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -1877,11 +3686,27 @@ replication_controller_list: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an + IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or 
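Review bot: the new portals field in the @@ -1877,11 +3686,27 hunk repeats the wording of the existing target_portal, but does not say how the two relate, that is, whether portals are used in addition to target_portal or instead of it. A sentence on that would help. In the same hunk, secret_ref is described only as "CHAP secret for iSCSI target and initiator authentication" and is not tied to the chap_auth_discovery and chap_auth_session flags added just above it; say whether the secret is required when either flag is true. Those two flag descriptions ("whether support iSCSI ... CHAP authentication") are also missing a verb, for example "Whether to support ...".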
@@ -1945,6 +3770,217 @@ replication_controller_list: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and + mounted on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to + be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and + downward API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must + be a value between 0 and 0777. Directories within + the path are not affected by this setting. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the + Data field of the referenced ConfigMap will + be projected into the volume as a file whose + name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, the + volume setup will error unless it is marked + optional. Paths must be relative and may not + contain the '..' path or start with '..'. 
+ type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the + key to. May not be an absolute path. May + not contain the path element '..'. May + not start with the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys + must be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: + only annotations, labels, name and namespace + are supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath + is written in terms of, defaults to + "v1". + type: str + field_path: + description: + - Path of the field to select in the + specified API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not\ + \ be absolute or contain the '..' path.\ + \ Must be utf-8 encoded. 
The first item\ + \ of the relative path must not start\ + \ with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the + exposed resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the + Data field of the referenced Secret will be + projected into the volume as a file whose + name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the + key to. May not be an absolute path. May + not contain the path element '..'. May + not start with the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must + be defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
@@ -2028,6 +4064,68 @@ replication_controller_list: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type + supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured + storage (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user + and other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should + be thick or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
@@ -2050,9 +4148,9 @@ replication_controller_list: is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is - not present in the Secret, the volume setup will error. - Paths must be relative and may not contain the '..' - path or start with '..'. + not present in the Secret, the volume setup will error + unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. type: list contains: key: 
@@ -2075,10 +4173,60 @@ replication_controller_list: path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type + supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then + the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name + to override the default behaviour. Set to "default" + if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and 
@@ -2092,6 +4240,15 @@ replication_controller_list: "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk diff --git a/library/k8s_v1_resource_quota.py b/library/k8s_v1_resource_quota.py index aec8ef3e..77e4e7cc 100644 --- a/library/k8s_v1_resource_quota.py +++ b/library/k8s_v1_resource_quota.py @@ -120,7 +120,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -227,6 +227,150 @@ resource_quota: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -262,6 +406,14 @@ resource_quota: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -300,14 +452,14 @@ resource_quota: type: str spec: description: - - Spec defines the desired quota. http://releases.k8s.io/HEAD/docs/devel/api-conventions.md + - Spec defines the desired quota. type: complex contains: hard: description: - Hard is the set of desired hard limits for each named resource. type: complex - contains: str, ResourceQuantity + contains: str, str scopes: description: - A collection of filters that must match each object tracked by a quota. @@ -316,19 +468,19 @@ resource_quota: contains: str status: description: - - Status defines the actual enforced quota and its current usage. http://releases.k8s.io/HEAD/docs/devel/api-conventions.md + - Status defines the actual enforced quota and its current usage. type: complex contains: hard: description: - Hard is the set of enforced hard limits for each named resource. type: complex - contains: str, ResourceQuantity + contains: str, str used: description: - Used is the current observed total usage of the resource in the namespace. type: complex - contains: str, ResourceQuantity + contains: str, str ''' diff --git a/library/k8s_v1_resource_quota_list.py b/library/k8s_v1_resource_quota_list.py index bafa6be9..3f559e9e 100644 --- a/library/k8s_v1_resource_quota_list.py +++ b/library/k8s_v1_resource_quota_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -210,6 +206,153 @@ resource_quota_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ resource_quota_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -287,14 +438,14 @@ resource_quota_list: type: str spec: description: - - Spec defines the desired quota. http://releases.k8s.io/HEAD/docs/devel/api-conventions.md + - Spec defines the desired quota. type: complex contains: hard: description: - Hard is the set of desired hard limits for each named resource. type: complex - contains: str, ResourceQuantity + contains: str, str scopes: description: - A collection of filters that must match each object tracked by a quota. @@ -303,19 +454,19 @@ resource_quota_list: contains: str status: description: - - Status defines the actual enforced quota and its current usage. http://releases.k8s.io/HEAD/docs/devel/api-conventions.md + - Status defines the actual enforced quota and its current usage. type: complex contains: hard: description: - Hard is the set of enforced hard limits for each named resource. type: complex - contains: str, ResourceQuantity + contains: str, str used: description: - Used is the current observed total usage of the resource in the namespace. type: complex - contains: str, ResourceQuantity + contains: str, str kind: description: - Kind is a string value representing the REST resource this object represents. diff --git a/library/k8s_v1_scale.py b/library/k8s_v1_scale.py index 25524969..9e08b6d4 100644 --- a/library/k8s_v1_scale.py +++ b/library/k8s_v1_scale.py @@ -89,7 +89,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -196,6 +196,150 @@ scale: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -231,6 +375,14 @@ scale: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_secret.py b/library/k8s_v1_secret.py index e4d7d19c..bf7263d0 100644 --- a/library/k8s_v1_secret.py +++ b/library/k8s_v1_secret.py 
@@ -29,10 +29,10 @@ options: - The name of a context found in the Kubernetes config file. data: description: - - Data contains the secret data. Each key must be a valid DNS_SUBDOMAIN or leading - dot followed by valid DNS_SUBDOMAIN. The serialized form of the secret data - is a base64 encoded string, representing the arbitrary (possibly non-string) - data value here. Described in + - Data contains the secret data. Each key must consist of alphanumeric characters, + '-', '_' or '.'. The serialized form of the secret data is a base64 encoded + string, representing the arbitrary (possibly non-string) data value here. Described + in type: dict debug: description: @@ -124,7 +124,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' @@ -146,10 +146,10 @@ secret: type: str data: description: - - Data contains the secret data. Each key must be a valid DNS_SUBDOMAIN or leading - dot followed by valid DNS_SUBDOMAIN. The serialized form of the secret data - is a base64 encoded string, representing the arbitrary (possibly non-string) - data value here. Described in + - Data contains the secret data. Each key must consist of alphanumeric characters, + '-', '_' or '.'. The serialized form of the secret data is a base64 encoded + string, representing the arbitrary (possibly non-string) data value here. + Described in type: complex contains: str, str kind: 
@@ -239,6 +239,150 @@ secret: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -274,6 +418,14 @@ secret: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_secret_list.py b/library/k8s_v1_secret_list.py index efd17f45..07c6dcae 100644 --- a/library/k8s_v1_secret_list.py +++ b/library/k8s_v1_secret_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' @@ -122,10 +118,10 @@ secret_list: type: str data: description: - - Data contains the secret data. Each key must be a valid DNS_SUBDOMAIN - or leading dot followed by valid DNS_SUBDOMAIN. The serialized form of - the secret data is a base64 encoded string, representing the arbitrary - (possibly non-string) data value here. Described in + - Data contains the secret data. Each key must consist of alphanumeric characters, + '-', '_' or '.'. The serialized form of the secret data is a base64 encoded + string, representing the arbitrary (possibly non-string) data value here. + Described in type: complex contains: str, str kind: 
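Review bot: The options hunk for k8s_v1_secret_list.py (@@ -46,10 +46,6) removes the namespace option with no replacement, so the documented interface no longer offers a way to scope a secret listing to one namespace. A listing that is not namespaced needs list permission on secrets across the whole cluster, which is a much broader grant than a namespaced role. If the helper still accepts namespace, keep it documented here; if it is really gone, state that in the module description and changelog so that playbooks passing namespace fail with a clear error instead of running a wider query than intended.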
@@ -218,6 +214,153 @@ secret_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -254,6 +397,14 @@ secret_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_self_subject_access_review.py b/library/k8s_v1_self_subject_access_review.py new file mode 100644 index 00000000..1dc7f38a --- /dev/null +++ b/library/k8s_v1_self_subject_access_review.py 
@@ -0,0 +1,565 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1_self_subject_access_review +short_description: Kubernetes SelfSubjectAccessReview +description: +- Manage the lifecycle of a self_subject_access_review object. Supports check mode, + and attempts to to be idempotent. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. They are + not queryable and should be preserved when modifying objects. + type: dict + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + labels: + description: + - Map of string keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers and services. 
+ type: dict + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation idempotence and + configuration definition. Cannot be updated. + namespace: + description: + - Namespace defines the space within each name must be unique. An empty namespace + is equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this + field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + spec_non_resource_attributes_path: + description: + - Path is the URL path of the request + aliases: + - non_resource_attributes_path + spec_non_resource_attributes_verb: + description: + - Verb is the standard HTTP verb + aliases: + - non_resource_attributes_verb + spec_resource_attributes_group: + description: + - Group is the API Group of the Resource. "*" means all. + aliases: + - resource_attributes_group + spec_resource_attributes_name: + description: + - Name is the name of the resource being requested for a "get" or deleted for + a "delete". "" (empty) means all. + aliases: + - resource_attributes_name + spec_resource_attributes_namespace: + description: + - Namespace is the namespace of the action being requested. Currently, there is + no distinction between no namespace and all namespaces "" (empty) is defaulted + for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources + "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview + or SelfSubjectAccessReview + aliases: + - resource_attributes_namespace + spec_resource_attributes_resource: + description: + - Resource is one of the existing resource types. 
"*" means all. + aliases: + - resource_attributes_resource + spec_resource_attributes_subresource: + description: + - Subresource is one of the existing resource types. "" means none. + aliases: + - resource_attributes_subresource + spec_resource_attributes_verb: + description: + - 'Verb is a kubernetes resource API verb, like: get, list, watch, create, update, + delete, proxy. "*" means all.' + aliases: + - resource_attributes_verb + spec_resource_attributes_version: + description: + - Version is the API Version of the Resource. "*" means all. + aliases: + - resource_attributes_version + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +self_subject_access_review: + type: complex + returned: on success + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: [] + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying objects. 
+ type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used to distinguish + resources with same name and namespace in different clusters. This field + is not set anywhere right now and apiserver is going to ignore it if set + in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when this + object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null + for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate before + it will be removed from the system. Only set when deletionTimestamp is + also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource will + be deleted. This field is set by the server when a graceful deletion is + requested by the user, and is not directly settable by a client. The resource + is expected to be deleted (no longer visible from resource lists, and + not reachable by name) after the time in this field. Once set, this value + may not be unset or be set further into the future, although it may be + shortened or the resource may be deleted prior to this time. For example, + a user may request that a pod is deleted in 30 seconds. The Kubelet will + react by sending a graceful termination signal to the containers in the + pod. After that 30 seconds, the Kubelet will send a hard termination signal + (SIGKILL) to the container and after cleanup, remove the pod from the + API. 
In the presence of network partitions, this object may still exist + after this timestamp, until an administrator or automated process can + determine the resource is fully terminated. If not set, graceful deletion + of the object has not been requested. Populated by the system when a graceful + deletion is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each entry + is an identifier for the responsible component that will remove the entry + from the list. If the deletionTimestamp of the object is non-nil, entries + in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate a + unique name ONLY IF the Name field has not been provided. If this field + is used, the name returned to the client will be different than the name + passed. This value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and may be truncated + by the length of the suffix required to make the value unique on the server. + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with + Reason ServerTimeout indicating a unique name could not be found in the + time allotted, and the client should retry (optionally after the time + indicated in the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. 
Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. 
+ type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. 
+ type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of + an appropriate name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" is the + canonical representation. Not all objects are required to be scoped to + a namespace - the value of this field for those objects will be empty. + Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. 
If this object is + managed by a controller, then an entry in this list will point to this + controller, with the controller field set to true. There cannot be more + than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be + used for optimistic concurrency, change detection, and the watch operation + on a resource or set of resources. Clients must treat these values as + opaque and passed unmodified back to the server. They may only be valid + for a particular resource or set of resources. Populated by the system. + Read-only. Value must be treated as opaque by clients and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. It is typically + generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. Populated by the system. Read-only. + type: str + spec: + description: + - Spec holds information about the request being evaluated. 
user and groups + must be empty + type: complex + contains: + non_resource_attributes: + description: + - NonResourceAttributes describes information for a non-resource access + request + type: complex + contains: + path: + description: + - Path is the URL path of the request + type: str + verb: + description: + - Verb is the standard HTTP verb + type: str + resource_attributes: + description: + - ResourceAuthorizationAttributes describes information for a resource access + request + type: complex + contains: + group: + description: + - Group is the API Group of the Resource. "*" means all. + type: str + name: + description: + - Name is the name of the resource being requested for a "get" or deleted + for a "delete". "" (empty) means all. + type: str + namespace: + description: + - Namespace is the namespace of the action being requested. Currently, + there is no distinction between no namespace and all namespaces "" + (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty + for cluster-scoped resources "" (empty) means "all" for namespace + scoped resources from a SubjectAccessReview or SelfSubjectAccessReview + type: str + resource: + description: + - Resource is one of the existing resource types. "*" means all. + type: str + subresource: + description: + - Subresource is one of the existing resource types. "" means none. + type: str + verb: + description: + - 'Verb is a kubernetes resource API verb, like: get, list, watch, create, + update, delete, proxy. "*" means all.' + type: str + version: + description: + - Version is the API Version of the Resource. "*" means all. + type: str + status: + description: + - Status is filled in by the server and indicates whether the request is allowed + or not + type: complex + contains: + allowed: + description: + - Allowed is required. True if the action would be allowed, false otherwise. 
+ type: bool + evaluation_error: + description: + - EvaluationError is an indication that some error occurred during the authorization + check. It is entirely possible to get an error and be able to continue + determine authorization status in spite of it. For instance, RBAC can + be missing a role, but enough roles are still present and bound to reason + about the request. + type: str + reason: + description: + - Reason is optional. It indicates why a request was allowed or denied. + type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('self_subject_access_review', 'V1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1_service.py b/library/k8s_v1_service.py index 1969aee4..1b1460a7 100644 --- a/library/k8s_v1_service.py +++ b/library/k8s_v1_service.py 
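Review bot: In main() of the new library/k8s_v1_self_subject_access_review.py, the first handler does "raise Exception(exc.message)", which depends on a message attribute that Python 3 exceptions do not have unless KubernetesAnsibleException defines it itself, and it replaces the typed exception with a bare Exception. The second handler already uses str(exc); use the same here, or re-raise the original exception, so that an init failure reports the real cause. Two documentation points in the same file: EXAMPLES is an empty string, and a task showing resource_attributes_verb, resource_attributes_resource and resource_attributes_namespace with the returned status.allowed would make the module usable; the DOCUMENTATION text also has the typos "attempts to to be idempotent" and "acessing".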
@@ -87,24 +87,13 @@ options: and LoadBalancer. Ignored if type is ExternalName. aliases: - cluster_ip - spec_deprecated_public_i_ps: - description: - - deprecatedPublicIPs is deprecated and replaced by the externalIPs field with - almost the exact same semantics. This field is retained in the v1 API for compatibility - until at least 8/20/2016. It will be removed from any new API revisions. If - both deprecatedPublicIPs *and* externalIPs are set, deprecatedPublicIPs is used. - aliases: - - deprecated_public_i_ps - type: list spec_external_i_ps: description: - externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes - system. A previous form of this functionality exists as the deprecatedPublicIPs - field. When using this field, callers should also clear the deprecatedPublicIPs - field. + system. aliases: - external_i_ps type: list 
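Review bot: Removing spec_deprecated_public_i_ps and its deprecated_public_i_ps alias in this options hunk is a breaking interface change for any playbook that still sets it, and the hunk gives no migration hint. The remaining spec_external_i_ps description also loses the sentence that pointed callers from the old field to the new one. Please add a changelog entry or a short note in the spec_external_i_ps description saying that deprecated_public_i_ps is no longer accepted and external_i_ps replaces it.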
@@ -115,6 +104,26 @@ options: valid DNS name and requires Type to be ExternalName. aliases: - external_name + spec_external_traffic_policy: + description: + - externalTrafficPolicy denotes if this Service desires to route external traffic + to node-local or cluster-wide endpoints. "Local" preserves the client source + IP and avoids a second hop for LoadBalancer and Nodeport type services, but + risks potentially imbalanced traffic spreading. "Cluster" obscures the client + source IP and may cause a second hop to another node, but should have good overall + load-spreading. + aliases: + - external_traffic_policy + spec_health_check_node_port: + description: + - healthCheckNodePort specifies the healthcheck nodePort for the service. If not + specified, HealthCheckNodePort is created by the service api backend with the + allocated nodePort. Will use user-specified nodePort value if specified by the + client. Only effects when Type is set to LoadBalancer and ExternalTrafficPolicy + is set to Local. + aliases: + - health_check_node_port + type: int spec_load_balancer_ip: description: - 'Only applies to Service Type: LoadBalancer LoadBalancer will get created with @@ -198,7 +207,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' @@ -230,7 +239,7 @@ EXAMPLES = ''' - port: 8788 target_port: 8080 name: socket-port - type: NodePort + type: ClusterIP - name: Create service k8s_v1_service.yml: @@ -274,7 +283,7 @@ EXAMPLES = ''' - port: 8080 target_port: 8080 name: http - type: ClusterIP + type: NodePort ''' RETURN = ''' 
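Review bot: The EXAMPLES change at @@ -274,7 +283,7 flips this service from "type: ClusterIP" to "type: NodePort" while the previous EXAMPLES hunk flips the other example from NodePort to ClusterIP, which looks like generator ordering churn rather than an intended documentation change. Since a NodePort service is reachable on every node while ClusterIP stays internal to the cluster, readers who copy the example get different exposure depending on which one they pick up. Please confirm the swap is deliberate, or make the example ordering stable so the service types stay attached to the same tasks between regenerations.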
@@ -378,6 +387,150 @@ service: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -413,6 +566,14 @@ service: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. @@ -451,7 +612,7 @@ service: type: str spec: description: - - Spec defines the behavior of a service. http://releases.k8s.io/HEAD/docs/devel/api-conventions.md + - Spec defines the behavior of a service. type: complex contains: cluster_ip: 
@@ -465,24 +626,13 @@ service: applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. type: str - deprecated_public_i_ps: - description: - - deprecatedPublicIPs is deprecated and replaced by the externalIPs field - with almost the exact same semantics. This field is retained in the v1 - API for compatibility until at least 8/20/2016. It will be removed from - any new API revisions. If both deprecatedPublicIPs *and* externalIPs are - set, deprecatedPublicIPs is used. - type: list - contains: str external_i_ps: description: - externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part - of the Kubernetes system. A previous form of this functionality exists - as the deprecatedPublicIPs field. When using this field, callers should - also clear the deprecatedPublicIPs field. + of the Kubernetes system. type: list contains: str external_name: 
@@ -491,6 +641,23 @@ service: return as a CNAME record for this service. No proxying will be involved. Must be a valid DNS name and requires Type to be ExternalName. type: str + external_traffic_policy: + description: + - externalTrafficPolicy denotes if this Service desires to route external + traffic to node-local or cluster-wide endpoints. "Local" preserves the + client source IP and avoids a second hop for LoadBalancer and Nodeport + type services, but risks potentially imbalanced traffic spreading. "Cluster" + obscures the client source IP and may cause a second hop to another node, + but should have good overall load-spreading. + type: str + health_check_node_port: + description: + - healthCheckNodePort specifies the healthcheck nodePort for the service. + If not specified, HealthCheckNodePort is created by the service api backend + with the allocated nodePort. Will use user-specified nodePort value if + specified by the client. Only effects when Type is set to LoadBalancer + and ExternalTrafficPolicy is set to Local. + type: int load_balancer_ip: description: - 'Only applies to Service Type: LoadBalancer LoadBalancer will get created @@ -545,8 +712,7 @@ service: 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. - type: complex - contains: {} + type: str selector: description: - Route service traffic to pods with label keys and values matching this diff --git a/library/k8s_v1_service_account.py b/library/k8s_v1_service_account.py index 4b02db27..f65935a7 100644 --- a/library/k8s_v1_service_account.py +++ b/library/k8s_v1_service_account.py 
@@ -20,6 +20,12 @@ options: api_key: description: - Token used to connect to the API. + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether pods running as this service + account should have an API token automatically mounted. Can be overridden at + the pod level. + type: bool cert_file: description: - Path to a certificate used to authenticate with the API. @@ -119,7 +125,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' @@ -139,6 +145,12 @@ service_account: Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether pods running as this service + account should have an API token automatically mounted. Can be overridden + at the pod level. + type: bool image_pull_secrets: description: - ImagePullSecrets is a list of references to secrets in the same namespace 
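Review bot: `automount_service_account_token` is added to both the options and the return docs without saying what happens when it is left unset, and the hunks for this file add nothing under `EXAMPLES`. Since this flag controls whether pods running as the service account get an API token mounted, suggest documenting the behaviour when the option is omitted and adding an example task that sets it to `false` for service accounts whose pods do not call the API.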
@@ -238,6 +250,150 @@ service_account: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -273,6 +429,14 @@ service_account: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_service_account_list.py b/library/k8s_v1_service_account_list.py index 929cfb1c..62bbfcc0 100644 --- a/library/k8s_v1_service_account_list.py +++ b/library/k8s_v1_service_account_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' @@ -120,6 +116,12 @@ service_account_list: Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether pods running as this service + account should have an API token automatically mounted. Can be overridden + at the pod level. + type: bool image_pull_secrets: description: - ImagePullSecrets is a list of references to secrets in the same namespace 
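Review bot: The `@@ -46,10 +46,6 @@` hunk drops the `namespace` option from this list module (the same removal appears in `k8s_v1_service_list.py`), and nothing in the remaining options says how the listing is scoped. Playbooks that pass `namespace` will stop working, so please state in the module description whether the list now covers all namespaces, which would need list permission across the cluster, and mention the removal in the changelog.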
@@ -222,6 +224,153 @@ service_account_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -258,6 +407,14 @@ service_account_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1_service_list.py b/library/k8s_v1_service_list.py index 0652f067..92c1f438 100644 --- a/library/k8s_v1_service_list.py +++ b/library/k8s_v1_service_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
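Review bot: The requirement line keeps an exact pin, `kubernetes == 3.0.0`, while jumping two major versions from `1.0.0`, and the same edit is repeated in every module touched by this patch. Please confirm that the package's install requirements are bumped in the same change so the docs and the installed client cannot drift apart, and consider whether a bounded range is acceptable so client fixes can be picked up without a new module release.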
@@ -210,6 +206,153 @@ service_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ service_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. @@ -287,7 +438,7 @@ service_list: type: str spec: description: - - Spec defines the behavior of a service. http://releases.k8s.io/HEAD/docs/devel/api-conventions.md + - Spec defines the behavior of a service. type: complex contains: cluster_ip: 
@@ -301,24 +452,13 @@ service_list: is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. type: str - deprecated_public_i_ps: - description: - - deprecatedPublicIPs is deprecated and replaced by the externalIPs - field with almost the exact same semantics. This field is retained - in the v1 API for compatibility until at least 8/20/2016. It will - be removed from any new API revisions. If both deprecatedPublicIPs - *and* externalIPs are set, deprecatedPublicIPs is used. - type: list - contains: str external_i_ps: description: - externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers - that are not part of the Kubernetes system. A previous form of this - functionality exists as the deprecatedPublicIPs field. When using - this field, callers should also clear the deprecatedPublicIPs field. + that are not part of the Kubernetes system. type: list contains: str external_name: 
@@ -327,6 +467,23 @@ service_list: will return as a CNAME record for this service. No proxying will be involved. Must be a valid DNS name and requires Type to be ExternalName. type: str + external_traffic_policy: + description: + - externalTrafficPolicy denotes if this Service desires to route external + traffic to node-local or cluster-wide endpoints. "Local" preserves + the client source IP and avoids a second hop for LoadBalancer and + Nodeport type services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause a second hop + to another node, but should have good overall load-spreading. + type: str + health_check_node_port: + description: + - healthCheckNodePort specifies the healthcheck nodePort for the service. + If not specified, HealthCheckNodePort is created by the service api + backend with the allocated nodePort. Will use user-specified nodePort + value if specified by the client. Only effects when Type is set to + LoadBalancer and ExternalTrafficPolicy is set to Local. + type: int load_balancer_ip: description: - 'Only applies to Service Type: LoadBalancer LoadBalancer will get @@ -381,8 +538,7 @@ service_list: specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. - type: complex - contains: {} + type: str selector: description: - Route service traffic to pods with label keys and values matching diff --git a/library/k8s_v1_status.py b/library/k8s_v1_status.py new file mode 100644 index 00000000..366b833e --- /dev/null +++ b/library/k8s_v1_status.py 
@@ -0,0 +1,241 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1_status +short_description: Kubernetes Status +description: +- Manage the lifecycle of a status object. Supports check mode, and attempts to to + be idempotent. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + details_causes: + description: + - The Causes array includes more details associated with the StatusReason failure. + Not all StatusReasons may provide detailed causes. + aliases: + - causes + type: list + details_group: + description: + - The group attribute of the resource associated with the status StatusReason. + aliases: + - group + details_kind: + description: + - The kind attribute of the resource associated with the status StatusReason. + On some operations may differ from the requested resource Kind. + aliases: + - kind + details_name: + description: + - The name attribute of the resource associated with the status StatusReason (when + there is a single name which can be described). + aliases: + - name + details_retry_after_seconds: + description: + - If specified, the time in seconds before the operation should be retried. + aliases: + - retry_after_seconds + type: int + details_uid: + description: + - UID of the resource. (when there is a single resource which can be described). 
+ aliases: + - uid + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + message: + description: + - A human-readable description of the status of this operation. + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + reason: + description: + - A machine-readable description of why this operation is in the "Failure" status. + If this value is empty there is no information available. A Reason clarifies + an HTTP status code but does not override it. + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +status: + type: complex + returned: on success + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. 
Each reason may define its own extended + details. This field is optional and the data returned is not guaranteed to + conform to any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the StatusReason + failure. Not all StatusReasons may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, as named by + its JSON serialization. May include dot and postfix notation for nested + attributes. Arrays are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple errors. Optional. + Examples: "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. This field + may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. If this + value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status StatusReason. + On some operations may differ from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status StatusReason + (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. 
+ Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this object that + can be used by clients to determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified back to the server. + Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the "Failure" status. + If this value is empty there is no information available. A Reason clarifies + an HTTP status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('status', 'V1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1_storage_class.py b/library/k8s_v1_storage_class.py new file mode 100644 index 00000000..6b172385 --- /dev/null +++ b/library/k8s_v1_storage_class.py 
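Review bot: In `main()` of `library/k8s_v1_status.py`, the first handler does `raise Exception(exc.message)` while the second uses `str(exc)`. Exceptions have no `.message` attribute on Python 3 unless `KubernetesAnsibleException` defines one, so a helper init failure could surface as an AttributeError and hide the real cause; use `str(exc)` in both handlers. In DOCUMENTATION, `force` refers to I(state) but this module documents no `state` option, `verify_ssl` has no stated default so a reader cannot tell whether certificate verification is on when the option is omitted, and `EXAMPLES` is empty.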
@@ -0,0 +1,475 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1_storage_class +short_description: Kubernetes StorageClass +description: +- Manage the lifecycle of a storage_class object. Supports check mode, and attempts + to to be idempotent. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. They are + not queryable and should be preserved when modifying objects. + type: dict + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + labels: + description: + - Map of string keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers and services. + type: dict + name: + description: + - Name must be unique within a namespace. 
Is required when creating resources, + although some resources may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation idempotence and + configuration definition. Cannot be updated. + namespace: + description: + - Namespace defines the space within each name must be unique. An empty namespace + is equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this + field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. + parameters: + description: + - Parameters holds the parameters for the provisioner that should create volumes + of this storage class. + type: dict + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + provisioner: + description: + - Provisioner indicates the type of the provisioner. + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). + type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. 
To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +storage_class: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: + - Standard object's metadata. + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used to distinguish + resources with same name and namespace in different clusters. This field + is not set anywhere right now and apiserver is going to ignore it if set + in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when this + object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. 
Populated by the system. Read-only. Null + for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate before + it will be removed from the system. Only set when deletionTimestamp is + also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource will + be deleted. This field is set by the server when a graceful deletion is + requested by the user, and is not directly settable by a client. The resource + is expected to be deleted (no longer visible from resource lists, and + not reachable by name) after the time in this field. Once set, this value + may not be unset or be set further into the future, although it may be + shortened or the resource may be deleted prior to this time. For example, + a user may request that a pod is deleted in 30 seconds. The Kubelet will + react by sending a graceful termination signal to the containers in the + pod. After that 30 seconds, the Kubelet will send a hard termination signal + (SIGKILL) to the container and after cleanup, remove the pod from the + API. In the presence of network partitions, this object may still exist + after this timestamp, until an administrator or automated process can + determine the resource is fully terminated. If not set, graceful deletion + of the object has not been requested. Populated by the system when a graceful + deletion is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each entry + is an identifier for the responsible component that will remove the entry + from the list. If the deletionTimestamp of the object is non-nil, entries + in this list can only be removed. 
+ type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate a + unique name ONLY IF the Name field has not been provided. If this field + is used, the name returned to the client will be different than the name + passed. This value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and may be truncated + by the length of the suffix required to make the value unique on the server. + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with + Reason ServerTimeout indicating a unique name could not be found in the + time allotted, and the client should retry (optionally after the time + indicated in the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. 
When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. 
+ type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. 
+ type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of + an appropriate name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" is the + canonical representation. Not all objects are required to be scoped to + a namespace - the value of this field for those objects will be empty. + Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is + managed by a controller, then an entry in this list will point to this + controller, with the controller field set to true. There cannot be more + than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. 
+ type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be + used for optimistic concurrency, change detection, and the watch operation + on a resource or set of resources. Clients must treat these values as + opaque and passed unmodified back to the server. They may only be valid + for a particular resource or set of resources. Populated by the system. + Read-only. Value must be treated as opaque by clients and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. It is typically + generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. Populated by the system. Read-only. + type: str + parameters: + description: + - Parameters holds the parameters for the provisioner that should create volumes + of this storage class. + type: complex + contains: str, str + provisioner: + description: + - Provisioner indicates the type of the provisioner. + type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('storage_class', 'V1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1_storage_class_list.py b/library/k8s_v1_storage_class_list.py new file mode 100644 index 00000000..d07bffe4 --- /dev/null 
+++ b/library/k8s_v1_storage_class_list.py 
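Review bot: The DOCUMENTATION in `library/k8s_v1_storage_class.py` lists a `namespace` option, but StorageClass is a cluster-scoped resource, so the option can only be ignored or produce a confusing error; drop it or state that it has no effect for this module. Two text defects in the same hunk should be fixed before merge: the `state` description refers to `I(name_)` where the preceding sentence says `I(name)`, and the `resource_version` return description ends in the broken sentence "Value must be treated as opaque by clients and .". `main()` also raises `Exception(exc.message)`, which depends on the helper's exception class defining `.message`; `str(exc)`, as used in the second handler, is safer.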
@@ -0,0 +1,488 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1_storage_class_list +short_description: Kubernetes StorageClassList +description: +- Retrieve a list of storage_class. List operations provide a snapshot read of the + underlying objects, returning a resource_version representing a consistent version + of the listed objects. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). 
+ type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +storage_class_list: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + items: + description: + - Items is the list of StorageClasses + type: list + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, + and may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. 
+ Cannot be updated. In CamelCase. + type: str + metadata: + description: + - Standard object's metadata. + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource + that may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when modifying + objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used + to distinguish resources with same name and namespace in different + clusters. This field is not set anywhere right now and apiserver is + going to ignore it if set in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. + It is represented in RFC3339 form and is in UTC. Populated by the + system. Read-only. Null for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate + before it will be removed from the system. Only set when deletionTimestamp + is also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource + will be deleted. This field is set by the server when a graceful deletion + is requested by the user, and is not directly settable by a client. + The resource is expected to be deleted (no longer visible from resource + lists, and not reachable by name) after the time in this field. Once + set, this value may not be unset or be set further into the future, + although it may be shortened or the resource may be deleted prior + to this time. 
For example, a user may request that a pod is deleted + in 30 seconds. The Kubelet will react by sending a graceful termination + signal to the containers in the pod. After that 30 seconds, the Kubelet + will send a hard termination signal (SIGKILL) to the container and + after cleanup, remove the pod from the API. In the presence of network + partitions, this object may still exist after this timestamp, until + an administrator or automated process can determine the resource is + fully terminated. If not set, graceful deletion of the object has + not been requested. Populated by the system when a graceful deletion + is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each + entry is an identifier for the responsible component that will remove + the entry from the list. If the deletionTimestamp of the object is + non-nil, entries in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate + a unique name ONLY IF the Name field has not been provided. If this + field is used, the name returned to the client will be different than + the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make + the value unique on the server. If this field is specified and the + generated name exists, the server will NOT return a 409 - instead, + it will either return 201 Created or 500 with Reason ServerTimeout + indicating a unique name could not be found in the time allotted, + and the client should retry (optionally after the time indicated in + the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired + state. 
Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating + resources, although some resources may allow a client to request the + generation of an appropriate name automatically. Name is primarily + intended for creation idempotence and configuration definition. Cannot + be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" + is the canonical representation. Not all objects are required to be + scoped to a namespace - the value of this field for those objects + will be empty. 
Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list + have been deleted, this object will be garbage collected. If this + object is managed by a controller, then an entry in this list will + point to this controller, with the controller field set to true. There + cannot be more than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object + that can be used by clients to determine when objects have changed. + May be used for optimistic concurrency, change detection, and the + watch operation on a resource or set of resources. Clients must treat + these values as opaque and passed unmodified back to the server. They + may only be valid for a particular resource or set of resources. Populated + by the system. Read-only. Value must be treated as opaque by clients + and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. + Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. 
It is typically + generated by the server on successful creation of a resource and is + not allowed to change on PUT operations. Populated by the system. + Read-only. + type: str + parameters: + description: + - Parameters holds the parameters for the provisioner that should create + volumes of this storage class. + type: complex + contains: str, str + provisioner: + description: + - Provisioner indicates the type of the provisioner. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: + - Standard list metadata + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this object that + can be used by clients to determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified back to the server. + Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('storage_class_list', 'V1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1_subject_access_review.py b/library/k8s_v1_subject_access_review.py new file mode 100644 index 00000000..ff6be0a6 --- /dev/null +++ b/library/k8s_v1_subject_access_review.py 
@@ -0,0 +1,599 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1_subject_access_review +short_description: Kubernetes SubjectAccessReview +description: +- Manage the lifecycle of a subject_access_review object. Supports check mode, and + attempts to to be idempotent. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. They are + not queryable and should be preserved when modifying objects. + type: dict + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + labels: + description: + - Map of string keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers and services. 
+ type: dict + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation idempotence and + configuration definition. Cannot be updated. + namespace: + description: + - Namespace defines the space within each name must be unique. An empty namespace + is equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this + field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + spec_extra: + description: + - Extra corresponds to the user.Info.GetExtra() method from the authenticator. + Since that is input to the authorizer it needs a reflection here. + aliases: + - extra + type: dict + spec_groups: + description: + - Groups is the groups you're testing for. + aliases: + - groups + type: list + spec_non_resource_attributes_path: + description: + - Path is the URL path of the request + aliases: + - non_resource_attributes_path + spec_non_resource_attributes_verb: + description: + - Verb is the standard HTTP verb + aliases: + - non_resource_attributes_verb + spec_resource_attributes_group: + description: + - Group is the API Group of the Resource. "*" means all. + aliases: + - resource_attributes_group + spec_resource_attributes_name: + description: + - Name is the name of the resource being requested for a "get" or deleted for + a "delete". "" (empty) means all. + aliases: + - resource_attributes_name + spec_resource_attributes_namespace: + description: + - Namespace is the namespace of the action being requested. 
Currently, there is + no distinction between no namespace and all namespaces "" (empty) is defaulted + for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources + "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview + or SelfSubjectAccessReview + aliases: + - resource_attributes_namespace + spec_resource_attributes_resource: + description: + - Resource is one of the existing resource types. "*" means all. + aliases: + - resource_attributes_resource + spec_resource_attributes_subresource: + description: + - Subresource is one of the existing resource types. "" means none. + aliases: + - resource_attributes_subresource + spec_resource_attributes_verb: + description: + - 'Verb is a kubernetes resource API verb, like: get, list, watch, create, update, + delete, proxy. "*" means all.' + aliases: + - resource_attributes_verb + spec_resource_attributes_version: + description: + - Version is the API Version of the Resource. "*" means all. + aliases: + - resource_attributes_version + spec_user: + description: + - User is the user you're testing for. If you specify "User" but not "Groups", + then is it interpreted as "What if User were not a member of any groups + aliases: + - user + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +subject_access_review: + type: complex + returned: on success + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: [] + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used to distinguish + resources with same name and namespace in different clusters. This field + is not set anywhere right now and apiserver is going to ignore it if set + in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when this + object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null + for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate before + it will be removed from the system. Only set when deletionTimestamp is + also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource will + be deleted. This field is set by the server when a graceful deletion is + requested by the user, and is not directly settable by a client. The resource + is expected to be deleted (no longer visible from resource lists, and + not reachable by name) after the time in this field. 
Once set, this value + may not be unset or be set further into the future, although it may be + shortened or the resource may be deleted prior to this time. For example, + a user may request that a pod is deleted in 30 seconds. The Kubelet will + react by sending a graceful termination signal to the containers in the + pod. After that 30 seconds, the Kubelet will send a hard termination signal + (SIGKILL) to the container and after cleanup, remove the pod from the + API. In the presence of network partitions, this object may still exist + after this timestamp, until an administrator or automated process can + determine the resource is fully terminated. If not set, graceful deletion + of the object has not been requested. Populated by the system when a graceful + deletion is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each entry + is an identifier for the responsible component that will remove the entry + from the list. If the deletionTimestamp of the object is non-nil, entries + in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate a + unique name ONLY IF the Name field has not been provided. If this field + is used, the name returned to the client will be different than the name + passed. This value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and may be truncated + by the length of the suffix required to make the value unique on the server. + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with + Reason ServerTimeout indicating a unique name could not be found in the + time allotted, and the client should retry (optionally after the time + indicated in the Retry-After header). 
Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. 
Each reason may define + its own extended details. This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of + an appropriate name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" is the + canonical representation. Not all objects are required to be scoped to + a namespace - the value of this field for those objects will be empty. 
+ Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is + managed by a controller, then an entry in this list will point to this + controller, with the controller field set to true. There cannot be more + than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be + used for optimistic concurrency, change detection, and the watch operation + on a resource or set of resources. Clients must treat these values as + opaque and passed unmodified back to the server. They may only be valid + for a particular resource or set of resources. Populated by the system. + Read-only. Value must be treated as opaque by clients and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. 
It is typically + generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. Populated by the system. Read-only. + type: str + spec: + description: + - Spec holds information about the request being evaluated + type: complex + contains: + extra: + description: + - Extra corresponds to the user.Info.GetExtra() method from the authenticator. + Since that is input to the authorizer it needs a reflection here. + type: complex + contains: str, list[str] + groups: + description: + - Groups is the groups you're testing for. + type: list + contains: str + non_resource_attributes: + description: + - NonResourceAttributes describes information for a non-resource access + request + type: complex + contains: + path: + description: + - Path is the URL path of the request + type: str + verb: + description: + - Verb is the standard HTTP verb + type: str + resource_attributes: + description: + - ResourceAuthorizationAttributes describes information for a resource access + request + type: complex + contains: + group: + description: + - Group is the API Group of the Resource. "*" means all. + type: str + name: + description: + - Name is the name of the resource being requested for a "get" or deleted + for a "delete". "" (empty) means all. + type: str + namespace: + description: + - Namespace is the namespace of the action being requested. Currently, + there is no distinction between no namespace and all namespaces "" + (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty + for cluster-scoped resources "" (empty) means "all" for namespace + scoped resources from a SubjectAccessReview or SelfSubjectAccessReview + type: str + resource: + description: + - Resource is one of the existing resource types. "*" means all. + type: str + subresource: + description: + - Subresource is one of the existing resource types. "" means none. 
+ type: str + verb: + description: + - 'Verb is a kubernetes resource API verb, like: get, list, watch, create, + update, delete, proxy. "*" means all.' + type: str + version: + description: + - Version is the API Version of the Resource. "*" means all. + type: str + user: + description: + - User is the user you're testing for. If you specify "User" but not "Groups", + then is it interpreted as "What if User were not a member of any groups + type: str + status: + description: + - Status is filled in by the server and indicates whether the request is allowed + or not + type: complex + contains: + allowed: + description: + - Allowed is required. True if the action would be allowed, false otherwise. + type: bool + evaluation_error: + description: + - EvaluationError is an indication that some error occurred during the authorization + check. It is entirely possible to get an error and be able to continue + determine authorization status in spite of it. For instance, RBAC can + be missing a role, but enough roles are still present and bound to reason + about the request. + type: str + reason: + description: + - Reason is optional. It indicates why a request was allowed or denied. + type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('subject_access_review', 'V1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1beta1_scale.py b/library/k8s_v1_token_review.py similarity index 56% rename from library/k8s_v1beta1_scale.py rename to library/k8s_v1_token_review.py index 14f2a25e..22260988 100644 --- a/library/k8s_v1beta1_scale.py +++ b/library/k8s_v1_token_review.py 
@@ -3,11 +3,11 @@ from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException DOCUMENTATION = ''' -module: k8s_v1beta1_scale -short_description: Kubernetes Scale +module: k8s_v1_token_review +short_description: Kubernetes TokenReview description: -- Manage the lifecycle of a scale object. Supports check mode, and attempts to to - be idempotent. +- Manage the lifecycle of a token_review object. Supports check mode, and attempts + to to be idempotent. version_added: 2.3.0 author: OpenShift (@openshift) options: @@ -71,12 +71,11 @@ options: password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). - spec_replicas: + spec_token: description: - - desired number of instances for the scaled object. + - Token is the opaque bearer token. aliases: - - replicas - type: int + - token ssl_ca_cert: description: - Path to a CA certificate used to authenticate with the API. @@ -89,7 +88,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' @@ -99,7 +98,7 @@ RETURN = ''' api_version: type: string description: Requested API version -scale: +token_review: type: complex returned: on success contains: @@ -116,8 +115,7 @@ scale: be updated. In CamelCase. type: str metadata: - description: - - Standard object metadata; + description: [] type: complex contains: annotations: 
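Review bot: in the hunk that ends with main() for 'storage_class_list', the resource_version description under metadata stops mid-sentence: "Value must be treated as opaque by clients and ." The same truncated text appears in the RETURN block of the new library/k8s_v1_subject_access_review.py. Either complete the sentence or drop the dangling clause, since the preceding sentence already says clients must treat the value as opaque and pass it back unmodified.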
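Review bot: in main() of the new library/k8s_v1_subject_access_review.py (@@ -0,0 +1,599 @@), the init-failure handler does `raise Exception(exc.message)` while the second handler uses `str(exc)`. A `message` attribute is not something exceptions carry by default on Python 3, so unless KubernetesAnsibleException defines it, the init path fails with AttributeError and hides the real cause; use `str(exc)` in both handlers. In the same file EXAMPLES is an empty string and the spec_user description ends on an unclosed quote ("What if User were not a member of any groups"). For an access-check module, at least one example showing how `status.allowed` and `status.evaluation_error` are read together would help callers avoid treating an errored review as a decision.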
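Review bot: in the options hunk of library/k8s_v1_token_review.py (@@ -71,12 +71,11 @@), spec_token is described as "the opaque bearer token" but the hunk removes `type: int` without giving the new option a type or marking it as a secret. Suggest adding `type: str`, saying in the description that the value is a credential, and confirming that the argument spec built for this module sets no_log on spec_token (and on password, visible in the context lines) so the token does not appear in task output or logs.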
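Review bot: in the RETURN hunk of library/k8s_v1_token_review.py (@@ -116,8 +115,7 @@), the metadata description changes from "Standard object metadata;" to `description: []`, which leaves the field with no documentation at all. The new k8s_v1_subject_access_review.py carries the same empty list for metadata. Keep a short description here (for example "Standard object metadata.") instead of an empty list.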
@@ -196,6 +194,150 @@ scale: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -231,6 +373,14 @@ scale: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -269,42 +419,58 @@ scale: type: str spec: description: - - defines the behavior of the scale. + - Spec holds information about the request being evaluated type: complex contains: - replicas: + token: description: - - desired number of instances for the scaled object. - type: int + - Token is the opaque bearer token. + type: str status: description: - - current status of the scale. + - Status is filled in by the server and indicates whether the request can be + authenticated. type: complex contains: - replicas: + authenticated: description: - - actual number of observed instances of the scaled object. - type: int - selector: + - Authenticated indicates that the token was associated with a known user. + type: bool + error: description: - - label query over pods that should match the replicas count. - type: complex - contains: str, str - target_selector: - description: - - label selector for pods that should match the replicas count. This is - a serializated version of both map-based and more expressive set-based - selectors. This is done to avoid introspection in the clients. The string - will be in the same format as the query-param syntax. If the target type - only supports map-based selectors, both this field and map-based selector - field are populated. + - Error indicates that the token couldn't be checked type: str + user: + description: + - User is the UserInfo associated with the provided token. + type: complex + contains: + extra: + description: + - Any additional information provided by the authenticator. + type: complex + contains: str, list[str] + groups: + description: + - The names of groups this user is a part of. + type: list + contains: str + uid: + description: + - A unique value that identifies this user across time. If this user + is deleted and another user by the same name is added, they will have + different UIDs. + type: str + username: + description: + - The name that uniquely identifies this user among all active users. 
+ type: str ''' def main(): try: - module = KubernetesAnsibleModule('scale', 'V1beta1') + module = KubernetesAnsibleModule('token_review', 'V1') except KubernetesAnsibleException as exc: # The helper failed to init, so there is no module object. All we can do is raise the error. raise Exception(exc.message) diff --git a/library/k8s_v1alpha1_cluster_role.py b/library/k8s_v1alpha1_cluster_role.py index bdbaf31a..e064637d 100644 --- a/library/k8s_v1alpha1_cluster_role.py +++ b/library/k8s_v1alpha1_cluster_role.py @@ -111,7 +111,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -218,6 +218,150 @@ cluster_role: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -253,6 +397,14 @@ cluster_role: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -301,17 +453,6 @@ cluster_role: the enumerated resources in any API group will be allowed. type: list contains: str - attribute_restrictions: - description: - - AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder - pair supports. If the Authorizer does not recognize how to handle the - AttributeRestrictions, the Authorizer should report an error. - type: complex - contains: - raw: - description: - - Raw is the underlying serialization of this object. - type: str non_resource_ur_ls: description: - NonResourceURLs is a set of partial urls that a user should have access diff --git a/library/k8s_v1alpha1_cluster_role_binding.py b/library/k8s_v1alpha1_cluster_role_binding.py index 361cc5ec..5b6c6aac 100644 --- a/library/k8s_v1alpha1_cluster_role_binding.py +++ b/library/k8s_v1alpha1_cluster_role_binding.py @@ -126,7 +126,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -233,6 +233,150 @@ cluster_role_binding: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -268,6 +412,14 @@ cluster_role_binding: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -329,7 +481,9 @@ cluster_role_binding: contains: api_version: description: - - APIVersion holds the API group and version of the referenced object. + - APIVersion holds the API group and version of the referenced subject. + Defaults to "v1" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io/v1alpha1" + for User and Group subjects. type: str kind: description: diff --git a/library/k8s_v1alpha1_cluster_role_binding_list.py b/library/k8s_v1alpha1_cluster_role_binding_list.py index a60dd65c..53099455 100644 --- a/library/k8s_v1alpha1_cluster_role_binding_list.py +++ b/library/k8s_v1alpha1_cluster_role_binding_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -210,6 +206,153 @@ cluster_role_binding_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ cluster_role_binding_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -310,7 +461,9 @@ cluster_role_binding_list: contains: api_version: description: - - APIVersion holds the API group and version of the referenced object. + - APIVersion holds the API group and version of the referenced subject. + Defaults to "v1" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io/v1alpha1" + for User and Group subjects. type: str kind: description: diff --git a/library/k8s_v1alpha1_cluster_role_list.py b/library/k8s_v1alpha1_cluster_role_list.py index 9d764041..0831eaa5 100644 --- a/library/k8s_v1alpha1_cluster_role_list.py +++ b/library/k8s_v1alpha1_cluster_role_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -210,6 +206,153 @@ cluster_role_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ cluster_role_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -297,17 +448,6 @@ cluster_role_list: one of the enumerated resources in any API group will be allowed. type: list contains: str - attribute_restrictions: - description: - - AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder - pair supports. If the Authorizer does not recognize how to handle - the AttributeRestrictions, the Authorizer should report an error. - type: complex - contains: - raw: - description: - - Raw is the underlying serialization of this object. - type: str non_resource_ur_ls: description: - NonResourceURLs is a set of partial urls that a user should have access diff --git a/library/openshift_v1_policy.py b/library/k8s_v1alpha1_external_admission_hook_configuration.py similarity index 54% rename from library/openshift_v1_policy.py rename to library/k8s_v1alpha1_external_admission_hook_configuration.py index db541791..bad88e0e 100644 --- a/library/openshift_v1_policy.py +++ b/library/k8s_v1alpha1_external_admission_hook_configuration.py @@ -1,13 +1,13 @@ #!/usr/bin/env python -from ansible.module_utils.openshift_common import OpenShiftAnsibleModule, OpenShiftAnsibleException +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException DOCUMENTATION = ''' -module: openshift_v1_policy -short_description: OpenShift Policy +module: k8s_v1alpha1_external_admission_hook_configuration +short_description: Kubernetes ExternalAdmissionHookConfiguration description: -- Manage the lifecycle of a policy object. Supports check mode, and attempts to to - be idempotent. +- Manage the lifecycle of a external_admission_hook_configuration object. Supports + check mode, and attempts to to be idempotent. version_added: 2.3.0 author: OpenShift (@openshift) options: 
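Review bot: The rewritten `description` in the `@@ -1,13 +1,13 @@` hunk reads "Manage the lifecycle of a external_admission_hook_configuration object" and carries over "attempts to to be idempotent". Since both lines are being touched anyway, they should become "an external_admission_hook_configuration object" and "attempts to be idempotent". The description could also state that this manages an alpha API, which at the moment is only visible from the `v1alpha1` in the module name.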
@@ -32,6 +32,11 @@ options: - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log default: false type: bool + external_admission_hooks: + description: + - ExternalAdmissionHooks is a list of external admission webhooks and the affected + resources and operations. + type: list force: description: - If set to C(True), and I(state) is C(present), an existing object will updated, @@ -76,10 +81,6 @@ options: - Provide the YAML definition for the object, bypassing any modules parameters intended to define object attributes. type: dict - roles: - description: - - Roles holds all the Roles held by this Policy, mapped by Role.Name - type: list src: description: - Provide a path to a file containing the YAML definition of the object. Mutually @@ -111,7 +112,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- kubernetes == 3.0.0 ''' EXAMPLES = ''' @@ -121,7 +122,7 @@ RETURN = ''' api_version: type: string description: Requested API version -policy: +external_admission_hook_configuration: type: complex returned: when I(state) = C(present) contains: 
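Review bot: The `external_admission_hooks` option added in the `@@ -32,6 +32,11 @@` hunk is documented only as `type: list`, with no description of what each element contains, while the RETURN documentation for the same structure spells out `client_config`, `failure_policy`, `name` and `rules`. A user writing a task has to read the return docs to learn the input shape. Please document the element keys on the option as well, or at least point to the RETURN section from the option description.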
@@ -131,21 +132,97 @@ policy: Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. type: str + external_admission_hooks: + description: + - ExternalAdmissionHooks is a list of external admission webhooks and the affected + resources and operations. + type: list + contains: + client_config: + description: + - ClientConfig defines how to communicate with the hook. Required + type: complex + contains: + ca_bundle: + description: + - CABundle is a PEM encoded CA bundle which will be used to validate + webhook's server certificate. Required + type: str + service: + description: + - Service is a reference to the service for this webhook. If there is + only one port open for the service, that port will be used. If there + are multiple ports open, port 443 will be used if it is open, otherwise + it is an error. Required + type: complex + contains: + name: + description: + - Name is the name of the service Required + type: str + namespace: + description: + - Namespace is the namespace of the service Required + type: str + failure_policy: + description: + - FailurePolicy defines how unrecognized errors from the admission endpoint + are handled - allowed values are Ignore or Fail. Defaults to Ignore. + type: str + name: + description: + - The name of the external admission webhook. Name should be fully qualified, + e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the + webhook, and kubernetes.io is the name of the organization. Required. + type: str + rules: + description: + - Rules describes what operations on what resources/subresources the webhook + cares about. The webhook cares about an operation if it matches _any_ + Rule. + type: list + contains: + api_groups: + description: + - APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. Required. 
+ type: list + contains: str + api_versions: + description: + - APIVersions is the API versions the resources belong to. '*' is all + versions. If '*' is present, the length of the slice must be one. + Required. + type: list + contains: str + operations: + description: + - Operations is the operations the admission hook cares about - CREATE, + UPDATE, or * for all operations. If '*' is present, the length of + the slice must be one. Required. + type: list + contains: str + resources: + description: + - "Resources is a list of resources this rule applies to. For example:\ + \ 'pods' means pods. 'pods/log' means the log subresource of pods.\ + \ '*' means all resources, but not subresources. 'pods/*' means all\ + \ subresources of pods. '*/scale' means all scale subresources. '*/*'\ + \ means all resources and their subresources. If wildcard is present,\ + \ the validation rule will ensure resources do not overlap with each\ + \ other. Depending on the enclosing object, subresources might not\ + \ be allowed. Required." + type: list + contains: str kind: description: - Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. type: str - last_modified: - description: - - LastModified is the last time that any part of the Policy was created, updated, - or deleted - type: complex - contains: {} metadata: description: - - Standard object's metadata. + - Standard object metadata; type: complex contains: annotations: 
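Review bot: The `failure_policy` description in this hunk says "Defaults to Ignore", which means a hook created through this module without an explicit `failure_policy` lets the request proceed when the admission endpoint returns an unrecognized error. For a hook that enforces policy, that is a fail-open default, and the module docs should say so plainly so that users choose between `Ignore` and `Fail` deliberately. Two smaller points in the same hunk: the metadata description changes from "Standard object's metadata." to "Standard object metadata;", and the trailing semicolon reads like a truncated sentence; and several descriptions end in a bare "Required" with no preceding or closing period (for example "Name is the name of the service Required").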
@@ -224,6 +301,150 @@ policy: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -259,6 +480,14 @@ policy: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -295,260 +524,19 @@ policy: generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. type: str - roles: - description: - - Roles holds all the Roles held by this Policy, mapped by Role.Name - type: list - contains: - name: - description: - - Name is the name of the role - type: str - role: - description: - - Role is the role being named - type: complex - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation of - an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. - type: str - kind: - description: - - Kind is a string value representing the REST resource this object - represents. Servers may infer this from the endpoint the client submits - requests to. Cannot be updated. In CamelCase. - type: str - metadata: - description: - - Standard object's metadata. - type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource - that may be set by external tools to store and retrieve arbitrary - metadata. They are not queryable and should be preserved when - modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This is used - to distinguish resources with same name and namespace in different - clusters. This field is not set anywhere right now and apiserver - is going to ignore it if set in create or update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in - happens-before order across separate operations. Clients may not - set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. 
- type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate - before it will be removed from the system. Only set when deletionTimestamp - is also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this resource - will be deleted. This field is set by the server when a graceful - deletion is requested by the user, and is not directly settable - by a client. The resource is expected to be deleted (no longer - visible from resource lists, and not reachable by name) after - the time in this field. Once set, this value may not be unset - or be set further into the future, although it may be shortened - or the resource may be deleted prior to this time. For example, - a user may request that a pod is deleted in 30 seconds. The Kubelet - will react by sending a graceful termination signal to the containers - in the pod. After that 30 seconds, the Kubelet will send a hard - termination signal (SIGKILL) to the container and after cleanup, - remove the pod from the API. In the presence of network partitions, - this object may still exist after this timestamp, until an administrator - or automated process can determine the resource is fully terminated. - If not set, graceful deletion of the object has not been requested. - Populated by the system when a graceful deletion is requested. - Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. - Each entry is an identifier for the responsible component that - will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. 
- type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to generate - a unique name ONLY IF the Name field has not been provided. If - this field is used, the name returned to the client will be different - than the name passed. This value will also be combined with a - unique suffix. The provided value has the same validation rules - as the Name field, and may be truncated by the length of the suffix - required to make the value unique on the server. If this field - is specified and the generated name exists, the server will NOT - return a 409 - instead, it will either return 201 Created or 500 - with Reason ServerTimeout indicating a unique name could not be - found in the time allotted, and the client should retry (optionally - after the time indicated in the Retry-After header). Applied only - if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the desired - state. Populated by the system. Read-only. - type: int - labels: - description: - - Map of string keys and values that can be used to organize and - categorize (scope and select) objects. May match selectors of - replication controllers and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating - resources, although some resources may allow a client to request - the generation of an appropriate name automatically. Name is primarily - intended for creation idempotence and configuration definition. - Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. An - empty namespace is equivalent to the "default" namespace, but - "default" is the canonical representation. Not all objects are - required to be scoped to a namespace - the value of this field - for those objects will be empty. Must be a DNS_LABEL. 
Cannot be - updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in the - list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this object - that can be used by clients to determine when objects have changed. - May be used for optimistic concurrency, change detection, and - the watch operation on a resource or set of resources. Clients - must treat these values as opaque and passed unmodified back to - the server. They may only be valid for a particular resource or - set of resources. Populated by the system. Read-only. Value must - be treated as opaque by clients and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. - Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. It - is typically generated by the server on successful creation of - a resource and is not allowed to change on PUT operations. Populated - by the system. Read-only. - type: str - rules: - description: - - Rules holds all the PolicyRules for this Role - type: list - contains: - api_groups: - description: - - APIGroups is the name of the APIGroup that contains the resources. 
- If this field is empty, then both kubernetes and origin API groups - are assumed. That means that if an action is requested against - one of the enumerated resources in either the kubernetes or the - origin API group, the request will be allowed - type: list - contains: str - attribute_restrictions: - description: - - AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder - pair supports. If the Authorizer does not recognize how to handle - the AttributeRestrictions, the Authorizer should report an error. - type: complex - contains: - raw: - description: - - Raw is the underlying serialization of this object. - type: str - non_resource_ur_ls: - description: - - NonResourceURLsSlice is a set of partial urls that a user should - have access to. *s are allowed, but only as the full, final step - in the path This name is intentionally different than the internal - type so that the DefaultConvert works nicely and because the ordering - may be different. - type: list - contains: str - resource_names: - description: - - ResourceNames is an optional white list of names that the rule - applies to. An empty set means that everything is allowed. - type: list - contains: str - resources: - description: - - Resources is a list of resources this rule applies to. ResourceAll - represents all resources. - type: list - contains: str - verbs: - description: - - Verbs is a list of Verbs that apply to ALL the ResourceKinds and - AttributeRestrictions contained in this rule. VerbAll represents - all kinds. - type: list - contains: str ''' def main(): try: - module = OpenShiftAnsibleModule('policy', 'V1') - except OpenShiftAnsibleException as exc: + module = KubernetesAnsibleModule('external_admission_hook_configuration', 'V1alpha1') + except KubernetesAnsibleException as exc: # The helper failed to init, so there is no module object. All we can do is raise the error. 
raise Exception(exc.message) try: module.execute_module() - except OpenShiftAnsibleException as exc: + except KubernetesAnsibleException as exc: module.fail_json(msg="Module failed!", error=str(exc)) diff --git a/library/k8s_v1alpha1_external_admission_hook_configuration_list.py b/library/k8s_v1alpha1_external_admission_hook_configuration_list.py new file mode 100644 index 00000000..8c23c157 --- /dev/null +++ b/library/k8s_v1alpha1_external_admission_hook_configuration_list.py 
@@ -0,0 +1,561 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1alpha1_external_admission_hook_configuration_list +short_description: Kubernetes ExternalAdmissionHookConfigurationList +description: +- Retrieve a list of external_admission_hook_configurations. List operations provide + a snapshot read of the underlying objects, returning a resource_version representing + a consistent version of the listed objects. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. 
+ type: dict + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). + type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +external_admission_hook_configuration_list: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + items: + description: + - List of ExternalAdmissionHookConfiguration. + type: list + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, + and may reject unrecognized values. 
+ type: str + external_admission_hooks: + description: + - ExternalAdmissionHooks is a list of external admission webhooks and the + affected resources and operations. + type: list + contains: + client_config: + description: + - ClientConfig defines how to communicate with the hook. Required + type: complex + contains: + ca_bundle: + description: + - CABundle is a PEM encoded CA bundle which will be used to validate + webhook's server certificate. Required + type: str + service: + description: + - Service is a reference to the service for this webhook. If there + is only one port open for the service, that port will be used. + If there are multiple ports open, port 443 will be used if it + is open, otherwise it is an error. Required + type: complex + contains: + name: + description: + - Name is the name of the service Required + type: str + namespace: + description: + - Namespace is the namespace of the service Required + type: str + failure_policy: + description: + - FailurePolicy defines how unrecognized errors from the admission endpoint + are handled - allowed values are Ignore or Fail. Defaults to Ignore. + type: str + name: + description: + - The name of the external admission webhook. Name should be fully qualified, + e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of + the webhook, and kubernetes.io is the name of the organization. Required. + type: str + rules: + description: + - Rules describes what operations on what resources/subresources the + webhook cares about. The webhook cares about an operation if it matches + _any_ Rule. + type: list + contains: + api_groups: + description: + - APIGroups is the API groups the resources belong to. '*' is all + groups. If '*' is present, the length of the slice must be one. + Required. + type: list + contains: str + api_versions: + description: + - APIVersions is the API versions the resources belong to. '*' is + all versions. If '*' is present, the length of the slice must + be one. Required. 
+ type: list + contains: str + operations: + description: + - Operations is the operations the admission hook cares about - + CREATE, UPDATE, or * for all operations. If '*' is present, the + length of the slice must be one. Required. + type: list + contains: str + resources: + description: + - "Resources is a list of resources this rule applies to. For example:\ + \ 'pods' means pods. 'pods/log' means the log subresource of pods.\ + \ '*' means all resources, but not subresources. 'pods/*' means\ + \ all subresources of pods. '*/scale' means all scale subresources.\ + \ '*/*' means all resources and their subresources. If wildcard\ + \ is present, the validation rule will ensure resources do not\ + \ overlap with each other. Depending on the enclosing object,\ + \ subresources might not be allowed. Required." + type: list + contains: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. + type: str + metadata: + description: + - Standard object metadata; + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource + that may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when modifying + objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used + to distinguish resources with same name and namespace in different + clusters. This field is not set anywhere right now and apiserver is + going to ignore it if set in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before + order across separate operations. 
Clients may not set this value. + It is represented in RFC3339 form and is in UTC. Populated by the + system. Read-only. Null for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate + before it will be removed from the system. Only set when deletionTimestamp + is also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource + will be deleted. This field is set by the server when a graceful deletion + is requested by the user, and is not directly settable by a client. + The resource is expected to be deleted (no longer visible from resource + lists, and not reachable by name) after the time in this field. Once + set, this value may not be unset or be set further into the future, + although it may be shortened or the resource may be deleted prior + to this time. For example, a user may request that a pod is deleted + in 30 seconds. The Kubelet will react by sending a graceful termination + signal to the containers in the pod. After that 30 seconds, the Kubelet + will send a hard termination signal (SIGKILL) to the container and + after cleanup, remove the pod from the API. In the presence of network + partitions, this object may still exist after this timestamp, until + an administrator or automated process can determine the resource is + fully terminated. If not set, graceful deletion of the object has + not been requested. Populated by the system when a graceful deletion + is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each + entry is an identifier for the responsible component that will remove + the entry from the list. If the deletionTimestamp of the object is + non-nil, entries in this list can only be removed. 
+ type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate + a unique name ONLY IF the Name field has not been provided. If this + field is used, the name returned to the client will be different than + the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make + the value unique on the server. If this field is specified and the + generated name exists, the server will NOT return a 409 - instead, + it will either return 201 Created or 500 with Reason ServerTimeout + indicating a unique name could not be found in the time allotted, + and the client should retry (optionally after the time indicated in + the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired + state. Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. 
When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. 
+ type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. 
+ type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating + resources, although some resources may allow a client to request the + generation of an appropriate name automatically. Name is primarily + intended for creation idempotence and configuration definition. Cannot + be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" + is the canonical representation. Not all objects are required to be + scoped to a namespace - the value of this field for those objects + will be empty. Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list + have been deleted, this object will be garbage collected. If this + object is managed by a controller, then an entry in this list will + point to this controller, with the controller field set to true. There + cannot be more than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. 
+ type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object + that can be used by clients to determine when objects have changed. + May be used for optimistic concurrency, change detection, and the + watch operation on a resource or set of resources. Clients must treat + these values as opaque and passed unmodified back to the server. They + may only be valid for a particular resource or set of resources. Populated + by the system. Read-only. Value must be treated as opaque by clients + and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. + Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. It is typically + generated by the server on successful creation of a resource and is + not allowed to change on PUT operations. Populated by the system. + Read-only. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this object that + can be used by clients to determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified back to the server. + Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. 
+ type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('external_admission_hook_configuration_list', 'V1alpha1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1alpha1_initializer_configuration.py b/library/k8s_v1alpha1_initializer_configuration.py new file mode 100644 index 00000000..0bcdd188 --- /dev/null +++ b/library/k8s_v1alpha1_initializer_configuration.py 
@@ -0,0 +1,519 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1alpha1_initializer_configuration +short_description: Kubernetes InitializerConfiguration +description: +- Manage the lifecycle of a initializer_configuration object. Supports check mode, + and attempts to to be idempotent. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. They are + not queryable and should be preserved when modifying objects. + type: dict + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + initializers: + description: + - Initializers is a list of resources and their default initializers Order-sensitive. + When merging multiple InitializerConfigurations, we sort the initializers from + different InitializerConfigurations by the name of the InitializerConfigurations; + the order of the initializers from the same InitializerConfiguration is preserved. + type: list + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. 
If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + labels: + description: + - Map of string keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers and services. + type: dict + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation idempotence and + configuration definition. Cannot be updated. + namespace: + description: + - Namespace defines the space within each name must be unique. An empty namespace + is equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this + field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). + type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). 
A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +initializer_configuration: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + initializers: + description: + - Initializers is a list of resources and their default initializers Order-sensitive. + When merging multiple InitializerConfigurations, we sort the initializers + from different InitializerConfigurations by the name of the InitializerConfigurations; + the order of the initializers from the same InitializerConfiguration is preserved. + type: list + contains: + failure_policy: + description: + - FailurePolicy defines what happens if the responsible initializer controller + fails to takes action. Allowed values are Ignore, or Fail. If "Ignore" + is set, initializer is removed from the initializers list of an object + if the timeout is reached; If "Fail" is set, admissionregistration returns + timeout error if the timeout is reached. + type: str + name: + description: + - Name is the identifier of the initializer. 
It will be added to the object + that needs to be initialized. Name should be fully qualified, e.g., alwayspullimages.kubernetes.io, + where "alwayspullimages" is the name of the webhook, and kubernetes.io + is the name of the organization. Required + type: str + rules: + description: + - Rules describes what resources/subresources the initializer cares about. + The initializer cares about an operation if it matches _any_ Rule. Rule.Resources + must not include subresources. + type: list + contains: + api_groups: + description: + - APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. Required. + type: list + contains: str + api_versions: + description: + - APIVersions is the API versions the resources belong to. '*' is all + versions. If '*' is present, the length of the slice must be one. + Required. + type: list + contains: str + resources: + description: + - "Resources is a list of resources this rule applies to. For example:\ + \ 'pods' means pods. 'pods/log' means the log subresource of pods.\ + \ '*' means all resources, but not subresources. 'pods/*' means all\ + \ subresources of pods. '*/scale' means all scale subresources. '*/*'\ + \ means all resources and their subresources. If wildcard is present,\ + \ the validation rule will ensure resources do not overlap with each\ + \ other. Depending on the enclosing object, subresources might not\ + \ be allowed. Required." + type: list + contains: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: + - Standard object metadata; + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. 
+ They are not queryable and should be preserved when modifying objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used to distinguish + resources with same name and namespace in different clusters. This field + is not set anywhere right now and apiserver is going to ignore it if set + in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when this + object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null + for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate before + it will be removed from the system. Only set when deletionTimestamp is + also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource will + be deleted. This field is set by the server when a graceful deletion is + requested by the user, and is not directly settable by a client. The resource + is expected to be deleted (no longer visible from resource lists, and + not reachable by name) after the time in this field. Once set, this value + may not be unset or be set further into the future, although it may be + shortened or the resource may be deleted prior to this time. For example, + a user may request that a pod is deleted in 30 seconds. The Kubelet will + react by sending a graceful termination signal to the containers in the + pod. After that 30 seconds, the Kubelet will send a hard termination signal + (SIGKILL) to the container and after cleanup, remove the pod from the + API. 
In the presence of network partitions, this object may still exist + after this timestamp, until an administrator or automated process can + determine the resource is fully terminated. If not set, graceful deletion + of the object has not been requested. Populated by the system when a graceful + deletion is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each entry + is an identifier for the responsible component that will remove the entry + from the list. If the deletionTimestamp of the object is non-nil, entries + in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate a + unique name ONLY IF the Name field has not been provided. If this field + is used, the name returned to the client will be different than the name + passed. This value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and may be truncated + by the length of the suffix required to make the value unique on the server. + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with + Reason ServerTimeout indicating a unique name could not be found in the + time allotted, and the client should retry (optionally after the time + indicated in the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. 
Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. 
+ type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. 
+ type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of + an appropriate name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" is the + canonical representation. Not all objects are required to be scoped to + a namespace - the value of this field for those objects will be empty. + Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. 
If this object is + managed by a controller, then an entry in this list will point to this + controller, with the controller field set to true. There cannot be more + than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be + used for optimistic concurrency, change detection, and the watch operation + on a resource or set of resources. Clients must treat these values as + opaque and passed unmodified back to the server. They may only be valid + for a particular resource or set of resources. Populated by the system. + Read-only. Value must be treated as opaque by clients and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. It is typically + generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. Populated by the system. Read-only. 
+ type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('initializer_configuration', 'V1alpha1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1alpha1_initializer_configuration_list.py b/library/k8s_v1alpha1_initializer_configuration_list.py new file mode 100644 index 00000000..0508b902 --- /dev/null +++ b/library/k8s_v1alpha1_initializer_configuration_list.py 
@@ -0,0 +1,536 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1alpha1_initializer_configuration_list +short_description: Kubernetes InitializerConfigurationList +description: +- Retrieve a list of initializer_configurations. List operations provide a snapshot + read of the underlying objects, returning a resource_version representing a consistent + version of the listed objects. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + src: + description: + - Provide a path to a file containing the YAML definition of the object. 
Mutually + exclusive with I(resource_definition). + type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +initializer_configuration_list: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + items: + description: + - List of InitializerConfiguration. + type: list + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, + and may reject unrecognized values. + type: str + initializers: + description: + - Initializers is a list of resources and their default initializers Order-sensitive. 
+ When merging multiple InitializerConfigurations, we sort the initializers + from different InitializerConfigurations by the name of the InitializerConfigurations; + the order of the initializers from the same InitializerConfiguration is + preserved. + type: list + contains: + failure_policy: + description: + - FailurePolicy defines what happens if the responsible initializer + controller fails to takes action. Allowed values are Ignore, or Fail. + If "Ignore" is set, initializer is removed from the initializers list + of an object if the timeout is reached; If "Fail" is set, admissionregistration + returns timeout error if the timeout is reached. + type: str + name: + description: + - Name is the identifier of the initializer. It will be added to the + object that needs to be initialized. Name should be fully qualified, + e.g., alwayspullimages.kubernetes.io, where "alwayspullimages" is + the name of the webhook, and kubernetes.io is the name of the organization. + Required + type: str + rules: + description: + - Rules describes what resources/subresources the initializer cares + about. The initializer cares about an operation if it matches _any_ + Rule. Rule.Resources must not include subresources. + type: list + contains: + api_groups: + description: + - APIGroups is the API groups the resources belong to. '*' is all + groups. If '*' is present, the length of the slice must be one. + Required. + type: list + contains: str + api_versions: + description: + - APIVersions is the API versions the resources belong to. '*' is + all versions. If '*' is present, the length of the slice must + be one. Required. + type: list + contains: str + resources: + description: + - "Resources is a list of resources this rule applies to. For example:\ + \ 'pods' means pods. 'pods/log' means the log subresource of pods.\ + \ '*' means all resources, but not subresources. 'pods/*' means\ + \ all subresources of pods. 
'*/scale' means all scale subresources.\ + \ '*/*' means all resources and their subresources. If wildcard\ + \ is present, the validation rule will ensure resources do not\ + \ overlap with each other. Depending on the enclosing object,\ + \ subresources might not be allowed. Required." + type: list + contains: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. + type: str + metadata: + description: + - Standard object metadata; + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource + that may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when modifying + objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used + to distinguish resources with same name and namespace in different + clusters. This field is not set anywhere right now and apiserver is + going to ignore it if set in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. + It is represented in RFC3339 form and is in UTC. Populated by the + system. Read-only. Null for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate + before it will be removed from the system. Only set when deletionTimestamp + is also set. May only be shortened. Read-only. 
+ type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource + will be deleted. This field is set by the server when a graceful deletion + is requested by the user, and is not directly settable by a client. + The resource is expected to be deleted (no longer visible from resource + lists, and not reachable by name) after the time in this field. Once + set, this value may not be unset or be set further into the future, + although it may be shortened or the resource may be deleted prior + to this time. For example, a user may request that a pod is deleted + in 30 seconds. The Kubelet will react by sending a graceful termination + signal to the containers in the pod. After that 30 seconds, the Kubelet + will send a hard termination signal (SIGKILL) to the container and + after cleanup, remove the pod from the API. In the presence of network + partitions, this object may still exist after this timestamp, until + an administrator or automated process can determine the resource is + fully terminated. If not set, graceful deletion of the object has + not been requested. Populated by the system when a graceful deletion + is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each + entry is an identifier for the responsible component that will remove + the entry from the list. If the deletionTimestamp of the object is + non-nil, entries in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate + a unique name ONLY IF the Name field has not been provided. If this + field is used, the name returned to the client will be different than + the name passed. This value will also be combined with a unique suffix. 
+ The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make + the value unique on the server. If this field is specified and the + generated name exists, the server will NOT return a 409 - instead, + it will either return 201 Created or 500 with Reason ServerTimeout + indicating a unique name could not be found in the time allotted, + and the client should retry (optionally after the time indicated in + the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired + state. Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. 
+ type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. 
+ type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. 
May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating + resources, although some resources may allow a client to request the + generation of an appropriate name automatically. Name is primarily + intended for creation idempotence and configuration definition. Cannot + be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" + is the canonical representation. Not all objects are required to be + scoped to a namespace - the value of this field for those objects + will be empty. Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list + have been deleted, this object will be garbage collected. If this + object is managed by a controller, then an entry in this list will + point to this controller, with the controller field set to true. There + cannot be more than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. 
+ type: str + resource_version: + description: + - An opaque value that represents the internal version of this object + that can be used by clients to determine when objects have changed. + May be used for optimistic concurrency, change detection, and the + watch operation on a resource or set of resources. Clients must treat + these values as opaque and passed unmodified back to the server. They + may only be valid for a particular resource or set of resources. Populated + by the system. Read-only. Value must be treated as opaque by clients + and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. + Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. It is typically + generated by the server on successful creation of a resource and is + not allowed to change on PUT operations. Populated by the system. + Read-only. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this object that + can be used by clients to determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified back to the server. + Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('initializer_configuration_list', 'V1alpha1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. 
+ raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1alpha1_pod_preset.py b/library/k8s_v1alpha1_pod_preset.py new file mode 100644 index 00000000..a546ae88 --- /dev/null +++ b/library/k8s_v1alpha1_pod_preset.py 
@@ -0,0 +1,1712 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1alpha1_pod_preset +short_description: Kubernetes PodPreset +description: +- Manage the lifecycle of a pod_preset object. Supports check mode, and attempts to + to be idempotent. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. They are + not queryable and should be preserved when modifying objects. + type: dict + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + labels: + description: + - Map of string keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers and services. + type: dict + name: + description: + - Name must be unique within a namespace. 
Is required when creating resources, + although some resources may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation idempotence and + configuration definition. Cannot be updated. + namespace: + description: + - Namespace defines the space within each name must be unique. An empty namespace + is equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this + field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + spec_env: + description: + - Env defines the collection of EnvVar to inject into containers. + aliases: + - env + type: list + spec_env_from: + description: + - EnvFrom defines the collection of EnvFromSource to inject into containers. + aliases: + - env_from + type: list + spec_selector_match_expressions: + description: + - matchExpressions is a list of label selector requirements. The requirements + are ANDed. + aliases: + - selector_match_expressions + type: list + spec_selector_match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only "value". The requirements + are ANDed. + aliases: + - selector_match_labels + type: dict + spec_volume_mounts: + description: + - VolumeMounts defines the collection of VolumeMount to inject into containers. + aliases: + - volume_mounts + type: list + spec_volumes: + description: + - Volumes defines the collection of Volume to inject into the pod. 
+ aliases: + - volumes + type: list + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). + type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +pod_preset: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. 
+ type: str + metadata: + description: [] + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used to distinguish + resources with same name and namespace in different clusters. This field + is not set anywhere right now and apiserver is going to ignore it if set + in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when this + object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null + for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate before + it will be removed from the system. Only set when deletionTimestamp is + also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource will + be deleted. This field is set by the server when a graceful deletion is + requested by the user, and is not directly settable by a client. The resource + is expected to be deleted (no longer visible from resource lists, and + not reachable by name) after the time in this field. Once set, this value + may not be unset or be set further into the future, although it may be + shortened or the resource may be deleted prior to this time. For example, + a user may request that a pod is deleted in 30 seconds. 
The Kubelet will + react by sending a graceful termination signal to the containers in the + pod. After that 30 seconds, the Kubelet will send a hard termination signal + (SIGKILL) to the container and after cleanup, remove the pod from the + API. In the presence of network partitions, this object may still exist + after this timestamp, until an administrator or automated process can + determine the resource is fully terminated. If not set, graceful deletion + of the object has not been requested. Populated by the system when a graceful + deletion is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each entry + is an identifier for the responsible component that will remove the entry + from the list. If the deletionTimestamp of the object is non-nil, entries + in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate a + unique name ONLY IF the Name field has not been provided. If this field + is used, the name returned to the client will be different than the name + passed. This value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and may be truncated + by the length of the suffix required to make the value unique on the server. + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with + Reason ServerTimeout indicating a unique name could not be found in the + time allotted, and the client should retry (optionally after the time + indicated in the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. 
+ type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. 
+ type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
+ type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of + an appropriate name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" is the + canonical representation. Not all objects are required to be scoped to + a namespace - the value of this field for those objects will be empty. + Must be a DNS_LABEL. Cannot be updated. 
+ type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is + managed by a controller, then an entry in this list will point to this + controller, with the controller field set to true. There cannot be more + than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be + used for optimistic concurrency, change detection, and the watch operation + on a resource or set of resources. Clients must treat these values as + opaque and passed unmodified back to the server. They may only be valid + for a particular resource or set of resources. Populated by the system. + Read-only. Value must be treated as opaque by clients and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. 
It is typically + generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. Populated by the system. Read-only. + type: str + spec: + description: [] + type: complex + contains: + env: + description: + - Env defines the collection of EnvVar to inject into containers. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using the previous defined + environment variables in the container and any service environment + variables. If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax can be escaped + with a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or not. Defaults + to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot be used if value + is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written in terms of, + defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API version. 
+ type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources limits and + requests (limits.cpu, limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, defaults + to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must be a valid secret + key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool + env_from: + description: + - EnvFrom defines the collection of EnvFromSource to inject into containers. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. Must + be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + selector: + description: + - Selector is a label query over a set of resources, in this case pods. + Required. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. The requirements + are ANDed. 
+ type: list + contains: + key: + description: + - key is the label key that the selector applies to. + type: str + operator: + description: + - operator represents a key's relationship to a set of values. Valid + operators ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the operator is In or + NotIn, the values array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must be empty. This array + is replaced during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single {key,value} in + the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: complex + contains: str, str + volume_mounts: + description: + - VolumeMounts defines the collection of VolumeMount to inject into containers. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should be mounted. Must + not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's volume should be + mounted. Defaults to "" (volume's root). + type: str + volumes: + description: + - Volumes defines the collection of Volume to inject into the pod. + type: list + contains: + aws_elastic_block_store: + description: + - AWSElasticBlockStore represents an AWS Disk resource that is attached + to a kubelet's host machine and then exposed to the pod. + type: complex + contains: + fs_type: + description: + - 'Filesystem type of the volume that you want to mount. 
Tip: Ensure + that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified.' + type: str + partition: + description: + - 'The partition in the volume that you want to mount. If omitted, + the default is to mount by volume name. Examples: For volume /dev/sda1, + you specify the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' + type: int + read_only: + description: + - Specify "true" to force and set the ReadOnly property in VolumeMounts + to "true". If omitted, the default is "false". + type: bool + volume_id: + description: + - Unique ID of the persistent disk resource in AWS (Amazon EBS volume). + type: str + azure_disk: + description: + - AzureDisk represents an Azure Data Disk mount on the host and bind + mount to the pod. + type: complex + contains: + caching_mode: + description: + - 'Host Caching mode: None, Read Only, Read Write.' + type: str + disk_name: + description: + - The Name of the data disk in the blob storage + type: str + disk_uri: + description: + - The URI the data disk in the blob storage + type: str + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage account + Dedicated: single blob disk per storage account Managed: azure + managed data disk (only in managed availability set). defaults + to shared' + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. + type: bool + azure_file: + description: + - AzureFile represents an Azure File Service mount on the host and bind + mount to the pod. 
+ type: complex + contains: + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. + type: bool + secret_name: + description: + - the name of secret that contains Azure Storage Account Name and + Key + type: str + share_name: + description: + - Share Name + type: str + cephfs: + description: + - CephFS represents a Ceph FS mount on the host that shares a pod's + lifetime + type: complex + contains: + monitors: + description: + - 'Required: Monitors is a collection of Ceph monitors' + type: list + contains: str + path: + description: + - 'Optional: Used as the mounted root, rather than the full Ceph + tree, default is /' + type: str + read_only: + description: + - 'Optional: Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' + type: bool + secret_file: + description: + - 'Optional: SecretFile is the path to key ring for User, default + is /etc/ceph/user.secret' + type: str + secret_ref: + description: + - 'Optional: SecretRef is reference to the authentication secret + for User, default is empty.' + type: complex + contains: + name: + description: + - Name of the referent. + type: str + user: + description: + - 'Optional: User is the rados user name, default is admin' + type: str + cinder: + description: + - Cinder represents a cinder volume attached and mounted on kubelets + host machine + type: complex + contains: + fs_type: + description: + - 'Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified.' + type: str + read_only: + description: + - 'Optional: Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' 
+ type: bool + volume_id: + description: + - volume id used to identify the volume in cinder + type: str + config_map: + description: + - ConfigMap represents a configMap that should populate this volume + type: complex + contains: + default_mode: + description: + - 'Optional: mode bits to use on created files by default. Must + be a value between 0 and 0777. Defaults to 0644. Directories within + the path are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' + type: int + items: + description: + - If unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name + is the key and content is the value. If specified, the listed + keys will be projected into the specified paths, and unlisted + keys will not be present. If a key is specified which is not present + in the ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the '..' + path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must be a value + between 0 and 0777. If not specified, the volume defaultMode + will be used. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key to. May not be + an absolute path. May not contain the path element '..'. May + not start with the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool + downward_api: + description: + - DownwardAPI represents downward API about the pod that should populate + this volume + type: complex + contains: + default_mode: + description: + - 'Optional: mode bits to use on created files by default. Must + be a value between 0 and 0777. Defaults to 0644. Directories within + the path are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' + type: int + items: + description: + - Items is a list of downward API volume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only annotations, labels, + name and namespace are supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written in terms + of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must be a value + between 0 and 0777. If not specified, the volume defaultMode + will be used. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name of the file to be\ + \ created. Must not be absolute or contain the '..' path.\ + \ Must be utf-8 encoded. The first item of the relative path\ + \ must not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources limits + and requests (limits.cpu, limits.memory, requests.cpu and + requests.memory) are currently supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional for env + vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + empty_dir: + description: + - EmptyDir represents a temporary directory that shares a pod's lifetime. + type: complex + contains: + medium: + description: + - What type of storage medium should back this directory. The default + is "" which means to use the node's default medium. Must be an + empty string (default) or Memory. + type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. The maximum + usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all + containers in a pod. The default is nil which means that the limit + is undefined. + type: str + fc: + description: + - FC represents a Fibre Channel resource that is attached to a kubelet's + host machine and then exposed to the pod. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + lun: + description: + - 'Required: FC target lun number' + type: int + read_only: + description: + - 'Optional: Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' + type: bool + target_ww_ns: + description: + - 'Required: FC target worldwide names (WWNs)' + type: list + contains: str + flex_volume: + description: + - FlexVolume represents a generic volume resource that is provisioned/attached + using an exec based plugin. This is an alpha feature and may change + in future. 
+ type: complex + contains: + driver: + description: + - Driver is the name of the driver to use for this volume. + type: str + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". The default + filesystem depends on FlexVolume script. + type: str + options: + description: + - 'Optional: Extra command options if any.' + type: complex + contains: str, str + read_only: + description: + - 'Optional: Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' + type: bool + secret_ref: + description: + - 'Optional: SecretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may + be empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts.' + type: complex + contains: + name: + description: + - Name of the referent. + type: str + flocker: + description: + - Flocker represents a Flocker volume attached to a kubelet's host machine. + This depends on the Flocker control service being running + type: complex + contains: + dataset_name: + description: + - Name of the dataset stored as metadata -> name on the dataset + for Flocker should be considered as deprecated + type: str + dataset_uuid: + description: + - UUID of the dataset. This is unique identifier of a Flocker dataset + type: str + gce_persistent_disk: + description: + - GCEPersistentDisk represents a GCE Disk resource that is attached + to a kubelet's host machine and then exposed to the pod. + type: complex + contains: + fs_type: + description: + - 'Filesystem type of the volume that you want to mount. Tip: Ensure + that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified.' 
+ type: str + partition: + description: + - 'The partition in the volume that you want to mount. If omitted, + the default is to mount by volume name. Examples: For volume /dev/sda1, + you specify the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' + type: int + pd_name: + description: + - Unique name of the PD resource in GCE. Used to identify the disk + in GCE. + type: str + read_only: + description: + - ReadOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: bool + git_repo: + description: + - GitRepo represents a git repository at a particular revision. + type: complex + contains: + directory: + description: + - Target directory name. Must not contain or start with '..'. If + '.' is supplied, the volume directory will be the git repository. + Otherwise, if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: str + repository: + description: + - Repository URL + type: str + revision: + description: + - Commit hash for the specified revision. + type: str + glusterfs: + description: + - Glusterfs represents a Glusterfs mount on the host that shares a pod's + lifetime. + type: complex + contains: + endpoints: + description: + - EndpointsName is the endpoint name that details Glusterfs topology. + type: str + path: + description: + - Path is the Glusterfs volume path. + type: str + read_only: + description: + - ReadOnly here will force the Glusterfs volume to be mounted with + read-only permissions. Defaults to false. + type: bool + host_path: + description: + - HostPath represents a pre-existing file or directory on the host machine + that is directly exposed to the container. This is generally used + for system agents or other privileged things that are allowed to see + the host machine. Most containers will NOT need this. + type: complex + contains: + path: + description: + - Path of the directory on the host. 
+ type: str + iscsi: + description: + - ISCSI represents an ISCSI Disk resource that is attached to a kubelet's + host machine and then exposed to the pod. + type: complex + contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool + fs_type: + description: + - 'Filesystem type of the volume that you want to mount. Tip: Ensure + that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified.' + type: str + iqn: + description: + - Target iSCSI Qualified Name. + type: str + iscsi_interface: + description: + - "Optional: Defaults to 'default' (tcp). iSCSI interface name that\ + \ uses an iSCSI transport." + type: str + lun: + description: + - iSCSI target lun number. + type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or ip_addr:port + if the port is other than default (typically TCP ports 860 and + 3260). + type: list + contains: str + read_only: + description: + - ReadOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str + target_portal: + description: + - iSCSI target portal. The portal is either an IP or ip_addr:port + if the port is other than default (typically TCP ports 860 and + 3260). + type: str + name: + description: + - Volume's name. Must be a DNS_LABEL and unique within the pod. + type: str + nfs: + description: + - NFS represents an NFS mount on the host that shares a pod's lifetime + type: complex + contains: + path: + description: + - Path that is exported by the NFS server. 
+ type: str + read_only: + description: + - ReadOnly here will force the NFS export to be mounted with read-only + permissions. Defaults to false. + type: bool + server: + description: + - Server is the hostname or IP address of the NFS server. + type: str + persistent_volume_claim: + description: + - PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim + in the same namespace. + type: complex + contains: + claim_name: + description: + - ClaimName is the name of a PersistentVolumeClaim in the same namespace + as the pod using this volume. + type: str + read_only: + description: + - Will force the ReadOnly setting in VolumeMounts. Default false. + type: bool + photon_persistent_disk: + description: + - PhotonPersistentDisk represents a PhotonController persistent disk + attached and mounted on kubelets host machine + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + pd_id: + description: + - ID that identifies Photon Controller persistent disk + type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted on + kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be a filesystem + type supported by the host operating system. Ex. "ext4", "xfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. 
+ type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and downward API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must be a value + between 0 and 0777. Directories within the path are not affected + by this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result can be + other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data field + of the referenced ConfigMap will be projected into the + volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must be + a value between 0 and 0777. If not specified, the + volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + type: int + path: + description: + - The relative path of the file to map the key to. May + not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only annotations, + labels, name and namespace are supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API + version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must be + a value between 0 and 0777. If not specified, the + volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + type: int + path: + description: + - "Required: Path is the relative path name of the file\ + \ to be created. Must not be absolute or contain the\ + \ '..' path. Must be utf-8 encoded. The first item\ + \ of the relative path must not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data field + of the referenced Secret will be projected into the volume + as a file whose name is the key and content is the value. + If specified, the listed keys will be projected into the + specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must be + a value between 0 and 0777. If not specified, the + volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + type: int + path: + description: + - The relative path of the file to map the key to. May + not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must be defined + type: bool + quobyte: + description: + - Quobyte represents a Quobyte mount on the host that shares a pod's + lifetime + type: complex + contains: + group: + description: + - Group to map volume access to Default is no group + type: str + read_only: + description: + - ReadOnly here will force the Quobyte volume to be mounted with + read-only permissions. Defaults to false. + type: bool + registry: + description: + - Registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are + separated with commas) which acts as the central registry for + volumes + type: str + user: + description: + - User to map volume access to Defaults to serivceaccount user + type: str + volume: + description: + - Volume is a string that references an already created Quobyte + volume by name. + type: str + rbd: + description: + - RBD represents a Rados Block Device mount on the host that shares + a pod's lifetime. + type: complex + contains: + fs_type: + description: + - 'Filesystem type of the volume that you want to mount. Tip: Ensure + that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified.' + type: str + image: + description: + - The rados image name. + type: str + keyring: + description: + - Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. + type: str + monitors: + description: + - A collection of Ceph monitors. + type: list + contains: str + pool: + description: + - The rados pool name. Default is rbd. + type: str + read_only: + description: + - ReadOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: bool + secret_ref: + description: + - SecretRef is name of the authentication secret for RBDUser. If + provided overrides keyring. Default is nil. 
+ type: complex + contains: + name: + description: + - Name of the referent. + type: str + user: + description: + - The rados user name. Default is admin. + type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage (defaults + to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation + will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, default + false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick or + thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain (defaults + to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system that + is associated with this volume source. + type: str + secret: + description: + - Secret represents a secret that should populate this volume. 
+ type: complex + contains: + default_mode: + description: + - 'Optional: mode bits to use on created files by default. Must + be a value between 0 and 0777. Defaults to 0644. Directories within + the path are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' + type: int + items: + description: + - If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name + is the key and content is the value. If specified, the listed + keys will be projected into the specified paths, and unlisted + keys will not be present. If a key is specified which is not present + in the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the '..' + path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must be a value + between 0 and 0777. If not specified, the volume defaultMode + will be used. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key to. May not be + an absolute path. May not contain the path element '..'. May + not start with the string '..'. + type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool + secret_name: + description: + - Name of the secret in the pod's namespace to use. + type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted on Kubernetes + nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". 
Implicitly + inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the StorageOS + API credentials. If not specified, default values will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS volume. + Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within StorageOS. + If no namespace is specified then the Pod's namespace will be + used. This allows the Kubernetes name scoping to be mirrored within + StorageOS for tighter integration. Set VolumeName to any name + to override the default behaviour. Set to "default" if you are + not using namespaces within StorageOS. Namespaces that do not + pre-exist within StorageOS will be created. + type: str + vsphere_volume: + description: + - VsphereVolume represents a vSphere volume attached and mounted on + kubelets host machine + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated with + the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. 
+ type: str + volume_path: + description: + - Path that identifies vSphere volume vmdk + type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('pod_preset', 'V1alpha1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1alpha1_pod_preset_list.py b/library/k8s_v1alpha1_pod_preset_list.py new file mode 100644 index 00000000..39e6febe --- /dev/null +++ b/library/k8s_v1alpha1_pod_preset_list.py 
@@ -0,0 +1,1710 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1alpha1_pod_preset_list +short_description: Kubernetes PodPresetList +description: +- Retrieve a list of pod_presets. List operations provide a snapshot read of the underlying + objects, returning a resource_version representing a consistent version of the listed + objects. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). 
+ type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +pod_preset_list: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + items: + description: + - Items is a list of schema objects. + type: list + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, + and may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. 
+ Cannot be updated. In CamelCase. + type: str + metadata: + description: [] + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource + that may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when modifying + objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used + to distinguish resources with same name and namespace in different + clusters. This field is not set anywhere right now and apiserver is + going to ignore it if set in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. + It is represented in RFC3339 form and is in UTC. Populated by the + system. Read-only. Null for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate + before it will be removed from the system. Only set when deletionTimestamp + is also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource + will be deleted. This field is set by the server when a graceful deletion + is requested by the user, and is not directly settable by a client. + The resource is expected to be deleted (no longer visible from resource + lists, and not reachable by name) after the time in this field. Once + set, this value may not be unset or be set further into the future, + although it may be shortened or the resource may be deleted prior + to this time. For example, a user may request that a pod is deleted + in 30 seconds. 
The Kubelet will react by sending a graceful termination + signal to the containers in the pod. After that 30 seconds, the Kubelet + will send a hard termination signal (SIGKILL) to the container and + after cleanup, remove the pod from the API. In the presence of network + partitions, this object may still exist after this timestamp, until + an administrator or automated process can determine the resource is + fully terminated. If not set, graceful deletion of the object has + not been requested. Populated by the system when a graceful deletion + is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each + entry is an identifier for the responsible component that will remove + the entry from the list. If the deletionTimestamp of the object is + non-nil, entries in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate + a unique name ONLY IF the Name field has not been provided. If this + field is used, the name returned to the client will be different than + the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make + the value unique on the server. If this field is specified and the + generated name exists, the server will NOT return a 409 - instead, + it will either return 201 Created or 500 with Reason ServerTimeout + indicating a unique name could not be found in the time allotted, + and the client should retry (optionally after the time indicated in + the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired + state. Populated by the system. Read-only. 
+ type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. 
+ type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. 
+ type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating + resources, although some resources may allow a client to request the + generation of an appropriate name automatically. Name is primarily + intended for creation idempotence and configuration definition. Cannot + be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" + is the canonical representation. Not all objects are required to be + scoped to a namespace - the value of this field for those objects + will be empty. Must be a DNS_LABEL. Cannot be updated. 
+ type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list + have been deleted, this object will be garbage collected. If this + object is managed by a controller, then an entry in this list will + point to this controller, with the controller field set to true. There + cannot be more than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object + that can be used by clients to determine when objects have changed. + May be used for optimistic concurrency, change detection, and the + watch operation on a resource or set of resources. Clients must treat + these values as opaque and passed unmodified back to the server. They + may only be valid for a particular resource or set of resources. Populated + by the system. Read-only. Value must be treated as opaque by clients + and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. + Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. 
It is typically + generated by the server on successful creation of a resource and is + not allowed to change on PUT operations. Populated by the system. + Read-only. + type: str + spec: + description: [] + type: complex + contains: + env: + description: + - Env defines the collection of EnvVar to inject into containers. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using the previous + defined environment variables in the container and any service + environment variables. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot be used if + value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written in terms + of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API version. 
+ type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources limits + and requests (limits.cpu, limits.memory, requests.cpu and + requests.memory) are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional for env + vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must be a valid + secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool + env_from: + description: + - EnvFrom defines the collection of EnvFromSource to inject into containers. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + selector: + description: + - Selector is a label query over a set of resources, in this case pods. + Required. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. The + requirements are ANDed. 
+ type: list + contains: + key: + description: + - key is the label key that the selector applies to. + type: str + operator: + description: + - operator represents a key's relationship to a set of values. + Valid operators ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the operator is In + or NotIn, the values array must be non-empty. If the operator + is Exists or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", and the values + array contains only "value". The requirements are ANDed. + type: complex + contains: str, str + volume_mounts: + description: + - VolumeMounts defines the collection of VolumeMount to inject into + containers. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should be mounted. + Must not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's volume should + be mounted. Defaults to "" (volume's root). + type: str + volumes: + description: + - Volumes defines the collection of Volume to inject into the pod. + type: list + contains: + aws_elastic_block_store: + description: + - AWSElasticBlockStore represents an AWS Disk resource that is attached + to a kubelet's host machine and then exposed to the pod. + type: complex + contains: + fs_type: + description: + - 'Filesystem type of the volume that you want to mount. 
Tip: + Ensure that the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified.' + type: str + partition: + description: + - 'The partition in the volume that you want to mount. If omitted, + the default is to mount by volume name. Examples: For volume + /dev/sda1, you specify the partition as "1". Similarly, the + volume partition for /dev/sda is "0" (or you can leave the + property empty).' + type: int + read_only: + description: + - Specify "true" to force and set the ReadOnly property in VolumeMounts + to "true". If omitted, the default is "false". + type: bool + volume_id: + description: + - Unique ID of the persistent disk resource in AWS (Amazon EBS + volume). + type: str + azure_disk: + description: + - AzureDisk represents an Azure Data Disk mount on the host and + bind mount to the pod. + type: complex + contains: + caching_mode: + description: + - 'Host Caching mode: None, Read Only, Read Write.' + type: str + disk_name: + description: + - The Name of the data disk in the blob storage + type: str + disk_uri: + description: + - The URI the data disk in the blob storage + type: str + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage account + Dedicated: single blob disk per storage account Managed: azure + managed data disk (only in managed availability set). defaults + to shared' + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts. + type: bool + azure_file: + description: + - AzureFile represents an Azure File Service mount on the host and + bind mount to the pod. 
+ type: complex + contains: + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts. + type: bool + secret_name: + description: + - the name of secret that contains Azure Storage Account Name + and Key + type: str + share_name: + description: + - Share Name + type: str + cephfs: + description: + - CephFS represents a Ceph FS mount on the host that shares a pod's + lifetime + type: complex + contains: + monitors: + description: + - 'Required: Monitors is a collection of Ceph monitors' + type: list + contains: str + path: + description: + - 'Optional: Used as the mounted root, rather than the full + Ceph tree, default is /' + type: str + read_only: + description: + - 'Optional: Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' + type: bool + secret_file: + description: + - 'Optional: SecretFile is the path to key ring for User, default + is /etc/ceph/user.secret' + type: str + secret_ref: + description: + - 'Optional: SecretRef is reference to the authentication secret + for User, default is empty.' + type: complex + contains: + name: + description: + - Name of the referent. + type: str + user: + description: + - 'Optional: User is the rados user name, default is admin' + type: str + cinder: + description: + - Cinder represents a cinder volume attached and mounted on kubelets + host machine + type: complex + contains: + fs_type: + description: + - 'Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified.' + type: str + read_only: + description: + - 'Optional: Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' 
+ type: bool + volume_id: + description: + - volume id used to identify the volume in cinder + type: str + config_map: + description: + - ConfigMap represents a configMap that should populate this volume + type: complex + contains: + default_mode: + description: + - 'Optional: mode bits to use on created files by default. Must + be a value between 0 and 0777. Defaults to 0644. Directories + within the path are not affected by this setting. This might + be in conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits set.' + type: int + items: + description: + - If unspecified, each key-value pair in the Data field of the + referenced ConfigMap will be projected into the volume as + a file whose name is the key and content is the value. If + specified, the listed keys will be projected into the specified + paths, and unlisted keys will not be present. If a key is + specified which is not present in the ConfigMap, the volume + setup will error unless it is marked optional. Paths must + be relative and may not contain the '..' path or start with + '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must be a value + between 0 and 0777. If not specified, the volume defaultMode + will be used. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key to. May not + be an absolute path. May not contain the path element + '..'. May not start with the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool + downward_api: + description: + - DownwardAPI represents downward API about the pod that should + populate this volume + type: complex + contains: + default_mode: + description: + - 'Optional: mode bits to use on created files by default. Must + be a value between 0 and 0777. Defaults to 0644. Directories + within the path are not affected by this setting. This might + be in conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits set.' + type: int + items: + description: + - Items is a list of downward API volume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only annotations, + labels, name and namespace are supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written in + terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must be a value + between 0 and 0777. If not specified, the volume defaultMode + will be used. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name of the file\ + \ to be created. Must not be absolute or contain the '..'\ + \ path. Must be utf-8 encoded. The first item of the relative\ + \ path must not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources limits + and requests (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional for + env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + empty_dir: + description: + - EmptyDir represents a temporary directory that shares a pod's + lifetime. + type: complex + contains: + medium: + description: + - What type of storage medium should back this directory. The + default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. The maximum + usage on memory medium EmptyDir would be the minimum value + between the SizeLimit specified here and the sum of memory + limits of all containers in a pod. The default is nil which + means that the limit is undefined. + type: str + fc: + description: + - FC represents a Fibre Channel resource that is attached to a kubelet's + host machine and then exposed to the pod. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + lun: + description: + - 'Required: FC target lun number' + type: int + read_only: + description: + - 'Optional: Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' + type: bool + target_ww_ns: + description: + - 'Required: FC target worldwide names (WWNs)' + type: list + contains: str + flex_volume: + description: + - FlexVolume represents a generic volume resource that is provisioned/attached + using an exec based plugin. This is an alpha feature and may change + in future. 
+ type: complex + contains: + driver: + description: + - Driver is the name of the driver to use for this volume. + type: str + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". The + default filesystem depends on FlexVolume script. + type: str + options: + description: + - 'Optional: Extra command options if any.' + type: complex + contains: str, str + read_only: + description: + - 'Optional: Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' + type: bool + secret_ref: + description: + - 'Optional: SecretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This + may be empty if no secret object is specified. If the secret + object contains more than one secret, all secrets are passed + to the plugin scripts.' + type: complex + contains: + name: + description: + - Name of the referent. + type: str + flocker: + description: + - Flocker represents a Flocker volume attached to a kubelet's host + machine. This depends on the Flocker control service being running + type: complex + contains: + dataset_name: + description: + - Name of the dataset stored as metadata -> name on the dataset + for Flocker should be considered as deprecated + type: str + dataset_uuid: + description: + - UUID of the dataset. This is unique identifier of a Flocker + dataset + type: str + gce_persistent_disk: + description: + - GCEPersistentDisk represents a GCE Disk resource that is attached + to a kubelet's host machine and then exposed to the pod. + type: complex + contains: + fs_type: + description: + - 'Filesystem type of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified.' 
+ type: str + partition: + description: + - 'The partition in the volume that you want to mount. If omitted, + the default is to mount by volume name. Examples: For volume + /dev/sda1, you specify the partition as "1". Similarly, the + volume partition for /dev/sda is "0" (or you can leave the + property empty).' + type: int + pd_name: + description: + - Unique name of the PD resource in GCE. Used to identify the + disk in GCE. + type: str + read_only: + description: + - ReadOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: bool + git_repo: + description: + - GitRepo represents a git repository at a particular revision. + type: complex + contains: + directory: + description: + - Target directory name. Must not contain or start with '..'. + If '.' is supplied, the volume directory will be the git repository. + Otherwise, if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: str + repository: + description: + - Repository URL + type: str + revision: + description: + - Commit hash for the specified revision. + type: str + glusterfs: + description: + - Glusterfs represents a Glusterfs mount on the host that shares + a pod's lifetime. + type: complex + contains: + endpoints: + description: + - EndpointsName is the endpoint name that details Glusterfs + topology. + type: str + path: + description: + - Path is the Glusterfs volume path. + type: str + read_only: + description: + - ReadOnly here will force the Glusterfs volume to be mounted + with read-only permissions. Defaults to false. + type: bool + host_path: + description: + - HostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + type: complex + contains: + path: + description: + - Path of the directory on the host. 
+ type: str + iscsi: + description: + - ISCSI represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + type: complex + contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool + fs_type: + description: + - 'Filesystem type of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified.' + type: str + iqn: + description: + - Target iSCSI Qualified Name. + type: str + iscsi_interface: + description: + - "Optional: Defaults to 'default' (tcp). iSCSI interface name\ + \ that uses an iSCSI transport." + type: str + lun: + description: + - iSCSI target lun number. + type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or ip_addr:port + if the port is other than default (typically TCP ports 860 + and 3260). + type: list + contains: str + read_only: + description: + - ReadOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str + target_portal: + description: + - iSCSI target portal. The portal is either an IP or ip_addr:port + if the port is other than default (typically TCP ports 860 + and 3260). + type: str + name: + description: + - Volume's name. Must be a DNS_LABEL and unique within the pod. + type: str + nfs: + description: + - NFS represents an NFS mount on the host that shares a pod's lifetime + type: complex + contains: + path: + description: + - Path that is exported by the NFS server. 
+ type: str + read_only: + description: + - ReadOnly here will force the NFS export to be mounted with + read-only permissions. Defaults to false. + type: bool + server: + description: + - Server is the hostname or IP address of the NFS server. + type: str + persistent_volume_claim: + description: + - PersistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + type: complex + contains: + claim_name: + description: + - ClaimName is the name of a PersistentVolumeClaim in the same + namespace as the pod using this volume. + type: str + read_only: + description: + - Will force the ReadOnly setting in VolumeMounts. Default false. + type: bool + photon_persistent_disk: + description: + - PhotonPersistentDisk represents a PhotonController persistent + disk attached and mounted on kubelets host machine + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + pd_id: + description: + - ID that identifies Photon Controller persistent disk + type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted + on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be a filesystem + type supported by the host operating system. Ex. "ext4", "xfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts. 
+ type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and downward + API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must be a value + between 0 and 0777. Directories within the path are not affected + by this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result can + be other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data field + of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys + will not be present. If a key is specified which is + not present in the ConfigMap, the volume setup will + error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start + with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key to. + May not be an absolute path. May not contain the + path element '..'. May not start with the string + '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be + defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only annotations, + labels, name and namespace are supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name of the\ + \ file to be created. Must not be absolute or\ + \ contain the '..' path. Must be utf-8 encoded.\ + \ The first item of the relative path must not\ + \ start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently + supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data field + of the referenced Secret will be projected into the + volume as a file whose name is the key and content + is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys + will not be present. If a key is specified which is + not present in the Secret, the volume setup will error + unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key to. + May not be an absolute path. May not contain the + path element '..'. May not start with the string + '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must be defined + type: bool + quobyte: + description: + - Quobyte represents a Quobyte mount on the host that shares a pod's + lifetime + type: complex + contains: + group: + description: + - Group to map volume access to Default is no group + type: str + read_only: + description: + - ReadOnly here will force the Quobyte volume to be mounted + with read-only permissions. Defaults to false. + type: bool + registry: + description: + - Registry represents a single or multiple Quobyte Registry + services specified as a string as host:port pair (multiple + entries are separated with commas) which acts as the central + registry for volumes + type: str + user: + description: + - User to map volume access to Defaults to serivceaccount user + type: str + volume: + description: + - Volume is a string that references an already created Quobyte + volume by name. + type: str + rbd: + description: + - RBD represents a Rados Block Device mount on the host that shares + a pod's lifetime. + type: complex + contains: + fs_type: + description: + - 'Filesystem type of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified.' + type: str + image: + description: + - The rados image name. + type: str + keyring: + description: + - Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. + type: str + monitors: + description: + - A collection of Ceph monitors. + type: list + contains: str + pool: + description: + - The rados pool name. Default is rbd. + type: str + read_only: + description: + - ReadOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: bool + secret_ref: + description: + - SecretRef is name of the authentication secret for RBDUser. + If provided overrides keyring. Default is nil. 
+ type: complex + contains: + name: + description: + - Name of the referent. + type: str + user: + description: + - The rados user name. Default is admin. + type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage + (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation + will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, default + false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick + or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain (defaults + to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: str + secret: + description: + - Secret represents a secret that should populate this volume. 
+ type: complex + contains: + default_mode: + description: + - 'Optional: mode bits to use on created files by default. Must + be a value between 0 and 0777. Defaults to 0644. Directories + within the path are not affected by this setting. This might + be in conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits set.' + type: int + items: + description: + - If unspecified, each key-value pair in the Data field of the + referenced Secret will be projected into the volume as a file + whose name is the key and content is the value. If specified, + the listed keys will be projected into the specified paths, + and unlisted keys will not be present. If a key is specified + which is not present in the Secret, the volume setup will + error unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, must be a value + between 0 and 0777. If not specified, the volume defaultMode + will be used. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key to. May not + be an absolute path. May not contain the path element + '..'. May not start with the string '..'. + type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool + secret_name: + description: + - Name of the secret in the pod's namespace to use. + type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted on + Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". 
Implicitly + inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the StorageOS + API credentials. If not specified, default values will be + attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS volume. + Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within StorageOS. + If no namespace is specified then the Pod's namespace will + be used. This allows the Kubernetes name scoping to be mirrored + within StorageOS for tighter integration. Set VolumeName to + any name to override the default behaviour. Set to "default" + if you are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: str + vsphere_volume: + description: + - VsphereVolume represents a vSphere volume attached and mounted + on kubelets host machine + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str + volume_path: + description: + - Path that identifies vSphere volume vmdk + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. 
+ Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this object that + can be used by clients to determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified back to the server. + Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('pod_preset_list', 'V1alpha1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1alpha1_role.py b/library/k8s_v1alpha1_role.py index 8e2d62a1..689b5cff 100644 --- a/library/k8s_v1alpha1_role.py +++ b/library/k8s_v1alpha1_role.py @@ -111,7 +111,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -218,6 +218,150 @@ role: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -253,6 +397,14 @@ role: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -301,17 +453,6 @@ role: the enumerated resources in any API group will be allowed. type: list contains: str - attribute_restrictions: - description: - - AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder - pair supports. If the Authorizer does not recognize how to handle the - AttributeRestrictions, the Authorizer should report an error. - type: complex - contains: - raw: - description: - - Raw is the underlying serialization of this object. - type: str non_resource_ur_ls: description: - NonResourceURLs is a set of partial urls that a user should have access diff --git a/library/k8s_v1alpha1_role_binding.py b/library/k8s_v1alpha1_role_binding.py index 02bb5756..c00511af 100644 --- a/library/k8s_v1alpha1_role_binding.py +++ b/library/k8s_v1alpha1_role_binding.py @@ -126,7 +126,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -233,6 +233,150 @@ role_binding: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -268,6 +412,14 @@ role_binding: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
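Review bot: The `initializers` text added in the `@@ -233,6 +233,150 @@ role_binding:` hunk says uninitialized objects are "hidden (in list/watch and get calls) from clients that haven't explicitly asked to observe uninitialized objects", yet the hunks for this file add no option to ask for them. Does the module request uninitialized objects? If it does not, the return docs should say that a binding still waiting on an initializer will not be returned, because someone auditing RBAC through this module would otherwise read an empty result as "no such binding".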
@@ -330,7 +482,9 @@ role_binding: contains: api_version: description: - - APIVersion holds the API group and version of the referenced object. + - APIVersion holds the API group and version of the referenced subject. + Defaults to "v1" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io/v1alpha1" + for User and Group subjects. type: str kind: description: diff --git a/library/k8s_v1alpha1_role_binding_list.py b/library/k8s_v1alpha1_role_binding_list.py index ad0d89c2..3500497d 100644 --- a/library/k8s_v1alpha1_role_binding_list.py +++ b/library/k8s_v1alpha1_role_binding_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
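Review bot: The `@@ -46,10 +46,6 @@ options:` hunk in k8s_v1alpha1_role_binding_list.py removes the `namespace` option outright, and nothing in the remaining documentation states what scope the listing now has. Existing tasks that pass `namespace` will need updating, and a caller who expected a single-namespace result may now be reading bindings from a wider scope than intended. Please state the new scope in the module description and note the removal in the changelog. The same removal appears in k8s_v1alpha1_role_list.py.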
@@ -210,6 +206,153 @@ role_binding_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ role_binding_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -311,7 +462,9 @@ role_binding_list: contains: api_version: description: - - APIVersion holds the API group and version of the referenced object. + - APIVersion holds the API group and version of the referenced subject. + Defaults to "v1" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io/v1alpha1" + for User and Group subjects. type: str kind: description: diff --git a/library/k8s_v1alpha1_role_list.py b/library/k8s_v1alpha1_role_list.py index 369fc3e3..f72d47a8 100644 --- a/library/k8s_v1alpha1_role_list.py +++ b/library/k8s_v1alpha1_role_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
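Review bot: `- kubernetes == 3.0.0` in the `@@ -89,7 +85,7 @@ options:` hunk, and the identical line in each module this patch touches, is an exact pin that moves the client across two major versions with no explanation in the patch. With `==`, a later 3.0.x client release could not be installed without regenerating every module. If the generated documentation really is tied to one client build, say so next to the requirement. Otherwise a bounded range such as `>= 3.0.0, < 4.0.0` would be easier to keep current.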
@@ -210,6 +206,153 @@ role_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ role_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -297,17 +448,6 @@ role_list: one of the enumerated resources in any API group will be allowed. type: list contains: str - attribute_restrictions: - description: - - AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder - pair supports. If the Authorizer does not recognize how to handle - the AttributeRestrictions, the Authorizer should report an error. - type: complex - contains: - raw: - description: - - Raw is the underlying serialization of this object. - type: str non_resource_ur_ls: description: - NonResourceURLs is a set of partial urls that a user should have access diff --git a/library/k8s_v1beta1_api_service.py b/library/k8s_v1beta1_api_service.py new file mode 100644 index 00000000..bf05c129 --- /dev/null +++ b/library/k8s_v1beta1_api_service.py 
@@ -0,0 +1,606 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1beta1_api_service +short_description: Kubernetes APIService +description: +- Manage the lifecycle of a api_service object. Supports check mode, and attempts + to to be idempotent. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. They are + not queryable and should be preserved when modifying objects. + type: dict + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + labels: + description: + - Map of string keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers and services. + type: dict + name: + description: + - Name must be unique within a namespace. 
Is required when creating resources, + although some resources may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation idempotence and + configuration definition. Cannot be updated. + namespace: + description: + - Namespace defines the space within each name must be unique. An empty namespace + is equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this + field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + spec_ca_bundle: + description: + - CABundle is a PEM encoded CA bundle which will be used to validate an API server's + serving certificate. + aliases: + - ca_bundle + spec_group: + description: + - Group is the API group name this server hosts + aliases: + - group + spec_group_priority_minimum: + description: + - "GroupPriorityMininum is the priority this group should have at least. Higher\ + \ priority means that the group is prefered by clients over lower priority ones.\ + \ Note that other versions of this group might specify even higher GroupPriorityMininum\ + \ values such that the whole group gets a higher priority. The primary sort\ + \ is based on GroupPriorityMinimum, ordered highest number to lowest (20 before\ + \ 10). The secondary sort is based on the alphabetical comparison of the name\ + \ of the object. 
(v1.bar before v1.foo) We'd recommend something like: *.k8s.io\ + \ (except extensions) at 18000 and PaaSes (OpenShift, Deis) are recommended\ + \ to be in the 2000s" + aliases: + - group_priority_minimum + type: int + spec_insecure_skip_tls_verify: + description: + - InsecureSkipTLSVerify disables TLS certificate verification when communicating + with this server. This is strongly discouraged. You should use the CABundle + instead. + aliases: + - insecure_skip_tls_verify + type: bool + spec_service_name: + description: + - Name is the name of the service + aliases: + - service_name + spec_service_namespace: + description: + - Namespace is the namespace of the service + aliases: + - service_namespace + spec_version: + description: + - Version is the API version this server hosts. For example, "v1" + aliases: + - version + spec_version_priority: + description: + - VersionPriority controls the ordering of this API version inside of its group. + Must be greater than zero. The primary sort is based on VersionPriority, ordered + highest to lowest (20 before 10). The secondary sort is based on the alphabetical + comparison of the name of the object. (v1.bar before v1.foo) Since it's inside + of a group, the number can be small, probably in the 10s. + aliases: + - version_priority + type: int + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). + type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. 
If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +api_service: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: [] + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used to distinguish + resources with same name and namespace in different clusters. This field + is not set anywhere right now and apiserver is going to ignore it if set + in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when this + object was created. 
It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null + for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate before + it will be removed from the system. Only set when deletionTimestamp is + also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource will + be deleted. This field is set by the server when a graceful deletion is + requested by the user, and is not directly settable by a client. The resource + is expected to be deleted (no longer visible from resource lists, and + not reachable by name) after the time in this field. Once set, this value + may not be unset or be set further into the future, although it may be + shortened or the resource may be deleted prior to this time. For example, + a user may request that a pod is deleted in 30 seconds. The Kubelet will + react by sending a graceful termination signal to the containers in the + pod. After that 30 seconds, the Kubelet will send a hard termination signal + (SIGKILL) to the container and after cleanup, remove the pod from the + API. In the presence of network partitions, this object may still exist + after this timestamp, until an administrator or automated process can + determine the resource is fully terminated. If not set, graceful deletion + of the object has not been requested. Populated by the system when a graceful + deletion is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each entry + is an identifier for the responsible component that will remove the entry + from the list. 
If the deletionTimestamp of the object is non-nil, entries + in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate a + unique name ONLY IF the Name field has not been provided. If this field + is used, the name returned to the client will be different than the name + passed. This value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and may be truncated + by the length of the suffix required to make the value unique on the server. + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with + Reason ServerTimeout indicating a unique name could not be found in the + time allotted, and the client should retry (optionally after the time + indicated in the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. 
When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. 
+ type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. 
+ type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of + an appropriate name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" is the + canonical representation. Not all objects are required to be scoped to + a namespace - the value of this field for those objects will be empty. + Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is + managed by a controller, then an entry in this list will point to this + controller, with the controller field set to true. There cannot be more + than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. 
+ type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be + used for optimistic concurrency, change detection, and the watch operation + on a resource or set of resources. Clients must treat these values as + opaque and passed unmodified back to the server. They may only be valid + for a particular resource or set of resources. Populated by the system. + Read-only. Value must be treated as opaque by clients and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. It is typically + generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. Populated by the system. Read-only. + type: str + spec: + description: + - Spec contains information for locating and communicating with a server + type: complex + contains: + ca_bundle: + description: + - CABundle is a PEM encoded CA bundle which will be used to validate an + API server's serving certificate. + type: str + group: + description: + - Group is the API group name this server hosts + type: str + group_priority_minimum: + description: + - "GroupPriorityMininum is the priority this group should have at least.\ + \ Higher priority means that the group is prefered by clients over lower\ + \ priority ones. Note that other versions of this group might specify\ + \ even higher GroupPriorityMininum values such that the whole group gets\ + \ a higher priority. The primary sort is based on GroupPriorityMinimum,\ + \ ordered highest number to lowest (20 before 10). 
The secondary sort\ + \ is based on the alphabetical comparison of the name of the object. (v1.bar\ + \ before v1.foo) We'd recommend something like: *.k8s.io (except extensions)\ + \ at 18000 and PaaSes (OpenShift, Deis) are recommended to be in the 2000s" + type: int + insecure_skip_tls_verify: + description: + - InsecureSkipTLSVerify disables TLS certificate verification when communicating + with this server. This is strongly discouraged. You should use the CABundle + instead. + type: bool + service: + description: + - Service is a reference to the service for this API server. It must communicate + on port 443 If the Service is nil, that means the handling for the API + groupversion is handled locally on this server. The call will simply delegate + to the normal handler chain to be fulfilled. + type: complex + contains: + name: + description: + - Name is the name of the service + type: str + namespace: + description: + - Namespace is the namespace of the service + type: str + version: + description: + - Version is the API version this server hosts. For example, "v1" + type: str + version_priority: + description: + - VersionPriority controls the ordering of this API version inside of its + group. Must be greater than zero. The primary sort is based on VersionPriority, + ordered highest to lowest (20 before 10). The secondary sort is based + on the alphabetical comparison of the name of the object. (v1.bar before + v1.foo) Since it's inside of a group, the number can be small, probably + in the 10s. + type: int + status: + description: + - Status contains derived information about an API server + type: complex + contains: + conditions: + description: + - Current service state of apiService. + type: list + contains: + last_transition_time: + description: + - Last time the condition transitioned from one status to another. + type: complex + contains: {} + message: + description: + - Human-readable message indicating details about last transition. 
+ type: str + reason: + description: + - Unique, one-word, CamelCase reason for the condition's last transition. + type: str + status: + description: + - Status is the status of the condition. Can be True, False, Unknown. + type: str + type: + description: + - Type is the type of the condition. + type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('api_service', 'V1beta1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1beta1_api_service_list.py b/library/k8s_v1beta1_api_service_list.py new file mode 100644 index 00000000..7547b313 --- /dev/null +++ b/library/k8s_v1beta1_api_service_list.py 
@@ -0,0 +1,568 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1beta1_api_service_list +short_description: Kubernetes APIServiceList +description: +- Retrieve a list of api_services. List operations provide a snapshot read of the + underlying objects, returning a resource_version representing a consistent version + of the listed objects. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). 
+ type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +api_service_list: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + items: + description: [] + type: list + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, + and may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. 
+ type: str + metadata: + description: [] + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource + that may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when modifying + objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used + to distinguish resources with same name and namespace in different + clusters. This field is not set anywhere right now and apiserver is + going to ignore it if set in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. + It is represented in RFC3339 form and is in UTC. Populated by the + system. Read-only. Null for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate + before it will be removed from the system. Only set when deletionTimestamp + is also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource + will be deleted. This field is set by the server when a graceful deletion + is requested by the user, and is not directly settable by a client. + The resource is expected to be deleted (no longer visible from resource + lists, and not reachable by name) after the time in this field. Once + set, this value may not be unset or be set further into the future, + although it may be shortened or the resource may be deleted prior + to this time. For example, a user may request that a pod is deleted + in 30 seconds. 
The Kubelet will react by sending a graceful termination + signal to the containers in the pod. After that 30 seconds, the Kubelet + will send a hard termination signal (SIGKILL) to the container and + after cleanup, remove the pod from the API. In the presence of network + partitions, this object may still exist after this timestamp, until + an administrator or automated process can determine the resource is + fully terminated. If not set, graceful deletion of the object has + not been requested. Populated by the system when a graceful deletion + is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each + entry is an identifier for the responsible component that will remove + the entry from the list. If the deletionTimestamp of the object is + non-nil, entries in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate + a unique name ONLY IF the Name field has not been provided. If this + field is used, the name returned to the client will be different than + the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make + the value unique on the server. If this field is specified and the + generated name exists, the server will NOT return a 409 - instead, + it will either return 201 Created or 500 with Reason ServerTimeout + indicating a unique name could not be found in the time allotted, + and the client should retry (optionally after the time indicated in + the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired + state. Populated by the system. Read-only. 
+ type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. 
+ type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. 
+ type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating + resources, although some resources may allow a client to request the + generation of an appropriate name automatically. Name is primarily + intended for creation idempotence and configuration definition. Cannot + be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" + is the canonical representation. Not all objects are required to be + scoped to a namespace - the value of this field for those objects + will be empty. Must be a DNS_LABEL. Cannot be updated. 
+ type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list + have been deleted, this object will be garbage collected. If this + object is managed by a controller, then an entry in this list will + point to this controller, with the controller field set to true. There + cannot be more than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object + that can be used by clients to determine when objects have changed. + May be used for optimistic concurrency, change detection, and the + watch operation on a resource or set of resources. Clients must treat + these values as opaque and passed unmodified back to the server. They + may only be valid for a particular resource or set of resources. Populated + by the system. Read-only. Value must be treated as opaque by clients + and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. + Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. 
It is typically + generated by the server on successful creation of a resource and is + not allowed to change on PUT operations. Populated by the system. + Read-only. + type: str + spec: + description: + - Spec contains information for locating and communicating with a server + type: complex + contains: + ca_bundle: + description: + - CABundle is a PEM encoded CA bundle which will be used to validate + an API server's serving certificate. + type: str + group: + description: + - Group is the API group name this server hosts + type: str + group_priority_minimum: + description: + - "GroupPriorityMininum is the priority this group should have at least.\ + \ Higher priority means that the group is prefered by clients over\ + \ lower priority ones. Note that other versions of this group might\ + \ specify even higher GroupPriorityMininum values such that the whole\ + \ group gets a higher priority. The primary sort is based on GroupPriorityMinimum,\ + \ ordered highest number to lowest (20 before 10). The secondary sort\ + \ is based on the alphabetical comparison of the name of the object.\ + \ (v1.bar before v1.foo) We'd recommend something like: *.k8s.io (except\ + \ extensions) at 18000 and PaaSes (OpenShift, Deis) are recommended\ + \ to be in the 2000s" + type: int + insecure_skip_tls_verify: + description: + - InsecureSkipTLSVerify disables TLS certificate verification when communicating + with this server. This is strongly discouraged. You should use the + CABundle instead. + type: bool + service: + description: + - Service is a reference to the service for this API server. It must + communicate on port 443 If the Service is nil, that means the handling + for the API groupversion is handled locally on this server. The call + will simply delegate to the normal handler chain to be fulfilled. 
+ type: complex + contains: + name: + description: + - Name is the name of the service + type: str + namespace: + description: + - Namespace is the namespace of the service + type: str + version: + description: + - Version is the API version this server hosts. For example, "v1" + type: str + version_priority: + description: + - VersionPriority controls the ordering of this API version inside of + its group. Must be greater than zero. The primary sort is based on + VersionPriority, ordered highest to lowest (20 before 10). The secondary + sort is based on the alphabetical comparison of the name of the object. + (v1.bar before v1.foo) Since it's inside of a group, the number can + be small, probably in the 10s. + type: int + status: + description: + - Status contains derived information about an API server + type: complex + contains: + conditions: + description: + - Current service state of apiService. + type: list + contains: + last_transition_time: + description: + - Last time the condition transitioned from one status to another. + type: complex + contains: {} + message: + description: + - Human-readable message indicating details about last transition. + type: str + reason: + description: + - Unique, one-word, CamelCase reason for the condition's last transition. + type: str + status: + description: + - Status is the status of the condition. Can be True, False, Unknown. + type: str + type: + description: + - Type is the type of the condition. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: [] + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this object that + can be used by clients to determine when objects have changed. 
Value must + be treated as opaque by clients and passed unmodified back to the server. + Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('api_service_list', 'V1beta1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1alpha1_certificate_signing_request.py b/library/k8s_v1beta1_certificate_signing_request.py similarity index 61% rename from library/k8s_v1alpha1_certificate_signing_request.py rename to library/k8s_v1beta1_certificate_signing_request.py index 843a14ef..485920db 100644 --- a/library/k8s_v1alpha1_certificate_signing_request.py +++ b/library/k8s_v1beta1_certificate_signing_request.py @@ -3,7 +3,7 @@ from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException DOCUMENTATION = ''' -module: k8s_v1alpha1_certificate_signing_request +module: k8s_v1beta1_certificate_signing_request short_description: Kubernetes CertificateSigningRequest description: - Manage the lifecycle of a certificate_signing_request object. Supports check mode, @@ -76,7 +76,15 @@ options: - Provide the YAML definition for the object, bypassing any modules parameters intended to define object attributes. type: dict + spec_extra: + description: + - Extra information about the requesting user. See user.Info interface for details. + aliases: + - extra + type: dict spec_groups: + description: + - Group information about the requesting user. See user.Info interface for details. aliases: - groups type: list 
@@ -86,12 +94,20 @@ options: aliases: - request spec_uid: + description: + - UID information about the requesting user. See user.Info interface for details. aliases: - uid + spec_usages: + description: + - 'allowedUsages specifies a set of usage contexts the key will be valid for. + See:' + aliases: + - usages + type: list spec_username: description: - - Information about the requesting user (if relevant) See user.Info interface - for details + - Information about the requesting user. See user.Info interface for details. aliases: - username src: @@ -125,7 +141,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -231,6 +247,150 @@ certificate_signing_request: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -266,6 +426,14 @@ certificate_signing_request: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -307,8 +475,16 @@ certificate_signing_request: - The certificate request itself and any additional information. type: complex contains: + extra: + description: + - Extra information about the requesting user. See user.Info interface for + details. + type: complex + contains: str, list[str] groups: - description: [] + description: + - Group information about the requesting user. See user.Info interface for + details. type: list contains: str request: @@ -316,12 +492,19 @@ certificate_signing_request: - Base64-encoded PKCS type: str uid: - description: [] + description: + - UID information about the requesting user. See user.Info interface for + details. type: str + usages: + description: + - 'allowedUsages specifies a set of usage contexts the key will be valid + for. See:' + type: list + contains: str username: description: - - Information about the requesting user (if relevant) See user.Info interface - for details + - Information about the requesting user. See user.Info interface for details. type: str status: description: @@ -360,7 +543,7 @@ certificate_signing_request: def main(): try: - module = KubernetesAnsibleModule('certificate_signing_request', 'V1alpha1') + module = KubernetesAnsibleModule('certificate_signing_request', 'V1beta1') except KubernetesAnsibleException as exc: # The helper failed to init, so there is no module object. All we can do is raise the error. raise Exception(exc.message) diff --git a/library/k8s_v1alpha1_certificate_signing_request_list.py b/library/k8s_v1beta1_certificate_signing_request_list.py similarity index 62% rename from library/k8s_v1alpha1_certificate_signing_request_list.py rename to library/k8s_v1beta1_certificate_signing_request_list.py index 8fd87eb3..1115753f 100644 --- a/library/k8s_v1alpha1_certificate_signing_request_list.py +++ b/library/k8s_v1beta1_certificate_signing_request_list.py 
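Review bot: In the @@ -316,12 +492,19 hunk the new `usages` description stops at "See:" with nothing after the colon, and it calls the field allowedUsages while the key being documented is `usages`. Finish the reference or drop the "See:" tail, and use one name for the field, since by its own description this is the value that says what the key will be valid for. The unchanged `request` description just above is cut the same way ("Base64-encoded PKCS") and could be completed in the same pass. The same `usages` text is added to the certificate_signing_request_list module further down.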
@@ -3,7 +3,7 @@ from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException DOCUMENTATION = ''' -module: k8s_v1alpha1_certificate_signing_request_list +module: k8s_v1beta1_certificate_signing_request_list short_description: Kubernetes CertificateSigningRequestList description: - Retrieve a list of certificate_signing_requests. List operations provide a snapshot @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
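Review bot: The @@ -3,7 hunk together with the file rename removes the module name `k8s_v1alpha1_certificate_signing_request_list` outright, so a playbook that still calls the old name stops resolving once this lands. Say so in the change notes, or keep the old name available as a deprecated entry for one release. In the @@ -89,7 hunk the requirement becomes the exact pin `kubernetes == 3.0.0`; if later 3.0.x clients are expected to work, a range would avoid an apparent mismatch for users.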
@@ -208,6 +204,153 @@ certificate_signing_request_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -244,6 +387,14 @@ certificate_signing_request_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -288,8 +439,16 @@ certificate_signing_request_list: - The certificate request itself and any additional information. type: complex contains: + extra: + description: + - Extra information about the requesting user. See user.Info interface + for details. + type: complex + contains: str, list[str] groups: - description: [] + description: + - Group information about the requesting user. See user.Info interface + for details. type: list contains: str request: @@ -297,12 +456,20 @@ certificate_signing_request_list: - Base64-encoded PKCS type: str uid: - description: [] + description: + - UID information about the requesting user. See user.Info interface + for details. type: str + usages: + description: + - 'allowedUsages specifies a set of usage contexts the key will be valid + for. See:' + type: list + contains: str username: description: - - Information about the requesting user (if relevant) See user.Info - interface for details + - Information about the requesting user. See user.Info interface for + details. type: str status: description: @@ -362,7 +529,7 @@ certificate_signing_request_list: def main(): try: - module = KubernetesAnsibleModule('certificate_signing_request_list', 'V1alpha1') + module = KubernetesAnsibleModule('certificate_signing_request_list', 'V1beta1') except KubernetesAnsibleException as exc: # The helper failed to init, so there is no module object. All we can do is raise the error. raise Exception(exc.message) diff --git a/library/k8s_v1beta1_cluster_role.py b/library/k8s_v1beta1_cluster_role.py new file mode 100644 index 00000000..9f32fee6 --- /dev/null +++ b/library/k8s_v1beta1_cluster_role.py 
@@ -0,0 +1,501 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1beta1_cluster_role +short_description: Kubernetes ClusterRole +description: +- Manage the lifecycle of a cluster_role object. Supports check mode, and attempts + to to be idempotent. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. They are + not queryable and should be preserved when modifying objects. + type: dict + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + labels: + description: + - Map of string keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers and services. + type: dict + name: + description: + - Name must be unique within a namespace. 
Is required when creating resources, + although some resources may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation idempotence and + configuration definition. Cannot be updated. + namespace: + description: + - Namespace defines the space within each name must be unique. An empty namespace + is equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this + field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + rules: + description: + - Rules holds all the PolicyRules for this ClusterRole + type: list + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). + type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). 
+ default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +cluster_role: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: + - Standard object's metadata. + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used to distinguish + resources with same name and namespace in different clusters. This field + is not set anywhere right now and apiserver is going to ignore it if set + in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when this + object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null + for lists. 
+ type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate before + it will be removed from the system. Only set when deletionTimestamp is + also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource will + be deleted. This field is set by the server when a graceful deletion is + requested by the user, and is not directly settable by a client. The resource + is expected to be deleted (no longer visible from resource lists, and + not reachable by name) after the time in this field. Once set, this value + may not be unset or be set further into the future, although it may be + shortened or the resource may be deleted prior to this time. For example, + a user may request that a pod is deleted in 30 seconds. The Kubelet will + react by sending a graceful termination signal to the containers in the + pod. After that 30 seconds, the Kubelet will send a hard termination signal + (SIGKILL) to the container and after cleanup, remove the pod from the + API. In the presence of network partitions, this object may still exist + after this timestamp, until an administrator or automated process can + determine the resource is fully terminated. If not set, graceful deletion + of the object has not been requested. Populated by the system when a graceful + deletion is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each entry + is an identifier for the responsible component that will remove the entry + from the list. If the deletionTimestamp of the object is non-nil, entries + in this list can only be removed. 
+ type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate a + unique name ONLY IF the Name field has not been provided. If this field + is used, the name returned to the client will be different than the name + passed. This value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and may be truncated + by the length of the suffix required to make the value unique on the server. + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with + Reason ServerTimeout indicating a unique name could not be found in the + time allotted, and the client should retry (optionally after the time + indicated in the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. 
When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. 
+ type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. 
+ type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of + an appropriate name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" is the + canonical representation. Not all objects are required to be scoped to + a namespace - the value of this field for those objects will be empty. + Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is + managed by a controller, then an entry in this list will point to this + controller, with the controller field set to true. There cannot be more + than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. 
+ type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be + used for optimistic concurrency, change detection, and the watch operation + on a resource or set of resources. Clients must treat these values as + opaque and passed unmodified back to the server. They may only be valid + for a particular resource or set of resources. Populated by the system. + Read-only. Value must be treated as opaque by clients and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. It is typically + generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. Populated by the system. Read-only. + type: str + rules: + description: + - Rules holds all the PolicyRules for this ClusterRole + type: list + contains: + api_groups: + description: + - APIGroups is the name of the APIGroup that contains the resources. If + multiple API groups are specified, any action requested against one of + the enumerated resources in any API group will be allowed. + type: list + contains: str + non_resource_ur_ls: + description: + - NonResourceURLs is a set of partial urls that a user should have access + to. *s are allowed, but only as the full, final step in the path Since + non-resource URLs are not namespaced, this field is only applicable for + ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply + to API resources (such as "pods" or "secrets") or non-resource URL paths + (such as "/api"), but not both. 
+ type: list + contains: str + resource_names: + description: + - ResourceNames is an optional white list of names that the rule applies + to. An empty set means that everything is allowed. + type: list + contains: str + resources: + description: + - Resources is a list of resources this rule applies to. ResourceAll represents + all resources. + type: list + contains: str + verbs: + description: + - Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions + contained in this rule. VerbAll represents all kinds. + type: list + contains: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('cluster_role', 'V1beta1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1beta1_cluster_role_binding.py b/library/k8s_v1beta1_cluster_role_binding.py new file mode 100644 index 00000000..d4b3e4e8 --- /dev/null +++ b/library/k8s_v1beta1_cluster_role_binding.py 
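Review bot: The new `k8s_v1beta1_cluster_role` DOCUMENTATION keeps a `namespace` option ("Namespace defines the space within each name must be unique...") although a ClusterRole is cluster-scoped, and this same patch removes `namespace` from the certificate_signing_request_list options. Drop it here as well, or state that it is ignored. `EXAMPLES` is empty too: for a module that grants cluster-wide permissions, one example with explicit `api_groups`, `resources` and `verbs` would help, given that the `resource_names` text says "An empty set means that everything is allowed". Smaller fixes in the same block: "attempts to to be idempotent", "an existing object will updated", "acessing", and `I(name_)` where the sentence refers to `I(name)`. The return key `non_resource_ur_ls` looks like a mangled snake-case of NonResourceURLs and is worth checking against the generator.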
@@ -0,0 +1,521 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1beta1_cluster_role_binding +short_description: Kubernetes ClusterRoleBinding +description: +- Manage the lifecycle of a cluster_role_binding object. Supports check mode, and + attempts to to be idempotent. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. They are + not queryable and should be preserved when modifying objects. + type: dict + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + labels: + description: + - Map of string keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers and services. 
+ type: dict + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation idempotence and + configuration definition. Cannot be updated. + namespace: + description: + - Namespace defines the space within each name must be unique. An empty namespace + is equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this + field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + role_ref_api_group: + description: + - APIGroup is the group for the resource being referenced + aliases: + - api_group + role_ref_kind: + description: + - Kind is the type of resource being referenced + aliases: + - kind + role_ref_name: + description: + - Name is the name of resource being referenced + aliases: + - name + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). + type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. 
If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + subjects: + description: + - Subjects holds references to the objects the role applies to. + type: list + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +cluster_role_binding: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: + - Standard object's metadata. + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used to distinguish + resources with same name and namespace in different clusters. This field + is not set anywhere right now and apiserver is going to ignore it if set + in create or update request. 
+ type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when this + object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null + for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate before + it will be removed from the system. Only set when deletionTimestamp is + also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource will + be deleted. This field is set by the server when a graceful deletion is + requested by the user, and is not directly settable by a client. The resource + is expected to be deleted (no longer visible from resource lists, and + not reachable by name) after the time in this field. Once set, this value + may not be unset or be set further into the future, although it may be + shortened or the resource may be deleted prior to this time. For example, + a user may request that a pod is deleted in 30 seconds. The Kubelet will + react by sending a graceful termination signal to the containers in the + pod. After that 30 seconds, the Kubelet will send a hard termination signal + (SIGKILL) to the container and after cleanup, remove the pod from the + API. In the presence of network partitions, this object may still exist + after this timestamp, until an administrator or automated process can + determine the resource is fully terminated. If not set, graceful deletion + of the object has not been requested. Populated by the system when a graceful + deletion is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. 
Each entry + is an identifier for the responsible component that will remove the entry + from the list. If the deletionTimestamp of the object is non-nil, entries + in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate a + unique name ONLY IF the Name field has not been provided. If this field + is used, the name returned to the client will be different than the name + passed. This value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and may be truncated + by the length of the suffix required to make the value unique on the server. + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with + Reason ServerTimeout indicating a unique name could not be found in the + time allotted, and the client should retry (optionally after the time + indicated in the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. 
+ type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. 
Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. 
Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of + an appropriate name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" is the + canonical representation. Not all objects are required to be scoped to + a namespace - the value of this field for those objects will be empty. + Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is + managed by a controller, then an entry in this list will point to this + controller, with the controller field set to true. There cannot be more + than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. 
+ type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be + used for optimistic concurrency, change detection, and the watch operation + on a resource or set of resources. Clients must treat these values as + opaque and passed unmodified back to the server. They may only be valid + for a particular resource or set of resources. Populated by the system. + Read-only. Value must be treated as opaque by clients and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. It is typically + generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. Populated by the system. Read-only. + type: str + role_ref: + description: + - RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef + cannot be resolved, the Authorizer must return an error. 
+ type: complex + contains: + api_group: + description: + - APIGroup is the group for the resource being referenced + type: str + kind: + description: + - Kind is the type of resource being referenced + type: str + name: + description: + - Name is the name of resource being referenced + type: str + subjects: + description: + - Subjects holds references to the objects the role applies to. + type: list + contains: + api_group: + description: + - APIGroup holds the API group of the referenced subject. Defaults to "" + for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for + User and Group subjects. + type: str + kind: + description: + - Kind of object being referenced. Values defined by this API group are + "User", "Group", and "ServiceAccount". If the Authorizer does not recognized + the kind value, the Authorizer should report an error. + type: str + name: + description: + - Name of the object being referenced. + type: str + namespace: + description: + - Namespace of the referenced object. If the object kind is non-namespace, + such as "User" or "Group", and this value is not empty the Authorizer + should report an error. + type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('cluster_role_binding', 'V1beta1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1beta1_cluster_role_binding_list.py b/library/k8s_v1beta1_cluster_role_binding_list.py new file mode 100644 index 00000000..0b9cb307 --- /dev/null +++ b/library/k8s_v1beta1_cluster_role_binding_list.py 
@@ -0,0 +1,523 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1beta1_cluster_role_binding_list +short_description: Kubernetes ClusterRoleBindingList +description: +- Retrieve a list of cluster_role_bindings. List operations provide a snapshot read + of the underlying objects, returning a resource_version representing a consistent + version of the listed objects. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + src: + description: + - Provide a path to a file containing the YAML definition of the object. 
Mutually + exclusive with I(resource_definition). + type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +cluster_role_binding_list: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + items: + description: + - Items is a list of ClusterRoleBindings + type: list + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, + and may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. 
+ Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. + type: str + metadata: + description: + - Standard object's metadata. + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource + that may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when modifying + objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used + to distinguish resources with same name and namespace in different + clusters. This field is not set anywhere right now and apiserver is + going to ignore it if set in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. + It is represented in RFC3339 form and is in UTC. Populated by the + system. Read-only. Null for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate + before it will be removed from the system. Only set when deletionTimestamp + is also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource + will be deleted. This field is set by the server when a graceful deletion + is requested by the user, and is not directly settable by a client. + The resource is expected to be deleted (no longer visible from resource + lists, and not reachable by name) after the time in this field. 
Once + set, this value may not be unset or be set further into the future, + although it may be shortened or the resource may be deleted prior + to this time. For example, a user may request that a pod is deleted + in 30 seconds. The Kubelet will react by sending a graceful termination + signal to the containers in the pod. After that 30 seconds, the Kubelet + will send a hard termination signal (SIGKILL) to the container and + after cleanup, remove the pod from the API. In the presence of network + partitions, this object may still exist after this timestamp, until + an administrator or automated process can determine the resource is + fully terminated. If not set, graceful deletion of the object has + not been requested. Populated by the system when a graceful deletion + is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each + entry is an identifier for the responsible component that will remove + the entry from the list. If the deletionTimestamp of the object is + non-nil, entries in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate + a unique name ONLY IF the Name field has not been provided. If this + field is used, the name returned to the client will be different than + the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make + the value unique on the server. If this field is specified and the + generated name exists, the server will NOT return a 409 - instead, + it will either return 201 Created or 500 with Reason ServerTimeout + indicating a unique name could not be found in the time allotted, + and the client should retry (optionally after the time indicated in + the Retry-After header). 
Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired + state. Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. 
Each reason may + define its own extended details. This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). 
+ type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating + resources, although some resources may allow a client to request the + generation of an appropriate name automatically. Name is primarily + intended for creation idempotence and configuration definition. Cannot + be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" + is the canonical representation. 
Not all objects are required to be + scoped to a namespace - the value of this field for those objects + will be empty. Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list + have been deleted, this object will be garbage collected. If this + object is managed by a controller, then an entry in this list will + point to this controller, with the controller field set to true. There + cannot be more than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object + that can be used by clients to determine when objects have changed. + May be used for optimistic concurrency, change detection, and the + watch operation on a resource or set of resources. Clients must treat + these values as opaque and passed unmodified back to the server. They + may only be valid for a particular resource or set of resources. Populated + by the system. Read-only. Value must be treated as opaque by clients + and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. + Read-only. 
+ type: str + uid: + description: + - UID is the unique in time and space value for this object. It is typically + generated by the server on successful creation of a resource and is + not allowed to change on PUT operations. Populated by the system. + Read-only. + type: str + role_ref: + description: + - RoleRef can only reference a ClusterRole in the global namespace. If the + RoleRef cannot be resolved, the Authorizer must return an error. + type: complex + contains: + api_group: + description: + - APIGroup is the group for the resource being referenced + type: str + kind: + description: + - Kind is the type of resource being referenced + type: str + name: + description: + - Name is the name of resource being referenced + type: str + subjects: + description: + - Subjects holds references to the objects the role applies to. + type: list + contains: + api_group: + description: + - APIGroup holds the API group of the referenced subject. Defaults to + "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" + for User and Group subjects. + type: str + kind: + description: + - Kind of object being referenced. Values defined by this API group + are "User", "Group", and "ServiceAccount". If the Authorizer does + not recognized the kind value, the Authorizer should report an error. + type: str + name: + description: + - Name of the object being referenced. + type: str + namespace: + description: + - Namespace of the referenced object. If the object kind is non-namespace, + such as "User" or "Group", and this value is not empty the Authorizer + should report an error. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: + - Standard object's metadata. 
+ type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this object that + can be used by clients to determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified back to the server. + Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('cluster_role_binding_list', 'V1beta1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1beta1_cluster_role_list.py b/library/k8s_v1beta1_cluster_role_list.py new file mode 100644 index 00000000..ed57975b --- /dev/null +++ b/library/k8s_v1beta1_cluster_role_list.py 
@@ -0,0 +1,518 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1beta1_cluster_role_list +short_description: Kubernetes ClusterRoleList +description: +- Retrieve a list of cluster_roles. List operations provide a snapshot read of the + underlying objects, returning a resource_version representing a consistent version + of the listed objects. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). 
+ type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +cluster_role_list: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + items: + description: + - Items is a list of ClusterRoles + type: list + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, + and may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. 
+ Cannot be updated. In CamelCase. + type: str + metadata: + description: + - Standard object's metadata. + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource + that may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when modifying + objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used + to distinguish resources with same name and namespace in different + clusters. This field is not set anywhere right now and apiserver is + going to ignore it if set in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. + It is represented in RFC3339 form and is in UTC. Populated by the + system. Read-only. Null for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate + before it will be removed from the system. Only set when deletionTimestamp + is also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource + will be deleted. This field is set by the server when a graceful deletion + is requested by the user, and is not directly settable by a client. + The resource is expected to be deleted (no longer visible from resource + lists, and not reachable by name) after the time in this field. Once + set, this value may not be unset or be set further into the future, + although it may be shortened or the resource may be deleted prior + to this time. 
For example, a user may request that a pod is deleted + in 30 seconds. The Kubelet will react by sending a graceful termination + signal to the containers in the pod. After that 30 seconds, the Kubelet + will send a hard termination signal (SIGKILL) to the container and + after cleanup, remove the pod from the API. In the presence of network + partitions, this object may still exist after this timestamp, until + an administrator or automated process can determine the resource is + fully terminated. If not set, graceful deletion of the object has + not been requested. Populated by the system when a graceful deletion + is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each + entry is an identifier for the responsible component that will remove + the entry from the list. If the deletionTimestamp of the object is + non-nil, entries in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate + a unique name ONLY IF the Name field has not been provided. If this + field is used, the name returned to the client will be different than + the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make + the value unique on the server. If this field is specified and the + generated name exists, the server will NOT return a 409 - instead, + it will either return 201 Created or 500 with Reason ServerTimeout + indicating a unique name could not be found in the time allotted, + and the client should retry (optionally after the time indicated in + the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired + state. 
Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating + resources, although some resources may allow a client to request the + generation of an appropriate name automatically. Name is primarily + intended for creation idempotence and configuration definition. Cannot + be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" + is the canonical representation. Not all objects are required to be + scoped to a namespace - the value of this field for those objects + will be empty. 
Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list + have been deleted, this object will be garbage collected. If this + object is managed by a controller, then an entry in this list will + point to this controller, with the controller field set to true. There + cannot be more than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object + that can be used by clients to determine when objects have changed. + May be used for optimistic concurrency, change detection, and the + watch operation on a resource or set of resources. Clients must treat + these values as opaque and passed unmodified back to the server. They + may only be valid for a particular resource or set of resources. Populated + by the system. Read-only. Value must be treated as opaque by clients + and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. + Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. 
It is typically + generated by the server on successful creation of a resource and is + not allowed to change on PUT operations. Populated by the system. + Read-only. + type: str + rules: + description: + - Rules holds all the PolicyRules for this ClusterRole + type: list + contains: + api_groups: + description: + - APIGroups is the name of the APIGroup that contains the resources. + If multiple API groups are specified, any action requested against + one of the enumerated resources in any API group will be allowed. + type: list + contains: str + non_resource_ur_ls: + description: + - NonResourceURLs is a set of partial urls that a user should have access + to. *s are allowed, but only as the full, final step in the path Since + non-resource URLs are not namespaced, this field is only applicable + for ClusterRoles referenced from a ClusterRoleBinding. Rules can either + apply to API resources (such as "pods" or "secrets") or non-resource + URL paths (such as "/api"), but not both. + type: list + contains: str + resource_names: + description: + - ResourceNames is an optional white list of names that the rule applies + to. An empty set means that everything is allowed. + type: list + contains: str + resources: + description: + - Resources is a list of resources this rule applies to. ResourceAll + represents all resources. + type: list + contains: str + verbs: + description: + - Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions + contained in this rule. VerbAll represents all kinds. + type: list + contains: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: + - Standard object's metadata. 
+ type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this object that + can be used by clients to determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified back to the server. + Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('cluster_role_list', 'V1beta1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1beta1_horizontal_pod_autoscaler.py b/library/k8s_v1beta1_controller_revision.py similarity index 61% rename from library/k8s_v1beta1_horizontal_pod_autoscaler.py rename to library/k8s_v1beta1_controller_revision.py index bbd4f26e..ead96bed 100644 --- a/library/k8s_v1beta1_horizontal_pod_autoscaler.py +++ b/library/k8s_v1beta1_controller_revision.py @@ -3,11 +3,11 @@ from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException DOCUMENTATION = ''' -module: k8s_v1beta1_horizontal_pod_autoscaler -short_description: Kubernetes HorizontalPodAutoscaler +module: k8s_v1beta1_controller_revision +short_description: Kubernetes ControllerRevision description: -- Manage the lifecycle of a horizontal_pod_autoscaler object. Supports check mode, - and attempts to to be idempotent. +- Manage the lifecycle of a controller_revision object. Supports check mode, and attempts + to to be idempotent. version_added: 2.3.0 author: OpenShift (@openshift) options: 
@@ -27,6 +27,11 @@ options: context: description: - The name of a context found in the Kubernetes config file. + data_raw: + description: + - Raw is the underlying serialization of this object. + aliases: + - raw debug: description: - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log @@ -76,47 +81,10 @@ options: - Provide the YAML definition for the object, bypassing any modules parameters intended to define object attributes. type: dict - spec_cpu_utilization_target_percentage: + revision: description: - - fraction of the requested CPU that should be utilized/used, e.g. 70 means that - 70% of the requested CPU should be in use. - aliases: - - cpu_utilization_target_percentage + - Revision indicates the revision of the state represented by Data. type: int - spec_max_replicas: - description: - - upper limit for the number of pods that can be set by the autoscaler; cannot - be smaller than MinReplicas. - aliases: - - max_replicas - type: int - spec_min_replicas: - description: - - lower limit for the number of pods that can be set by the autoscaler, default - 1. - aliases: - - min_replicas - type: int - spec_scale_ref_api_version: - description: - - API version of the referent - aliases: - - scale_ref_api_version - spec_scale_ref_kind: - description: - - Kind of the referent; - aliases: - - scale_ref_kind - spec_scale_ref_name: - description: - - Name of the referent; - aliases: - - scale_ref_name - spec_scale_ref_subresource: - description: - - Subresource name of the referent - aliases: - - scale_ref_subresource src: description: - Provide a path to a file containing the YAML definition of the object. Mutually @@ -148,7 +116,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -158,7 +126,7 @@ RETURN = ''' api_version: type: string description: Requested API version -horizontal_pod_autoscaler: +controller_revision: type: complex returned: when I(state) = C(present) contains: @@ -168,6 +136,15 @@ horizontal_pod_autoscaler: Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. type: str + data: + description: + - Data is the serialized representation of the state. + type: complex + contains: + raw: + description: + - Raw is the underlying serialization of this object. + type: str kind: description: - Kind is a string value representing the REST resource this object represents. @@ -176,7 +153,7 @@ horizontal_pod_autoscaler: type: str metadata: description: - - Standard object metadata. + - Standard object's metadata. type: complex contains: annotations: 
@@ -255,6 +232,150 @@ horizontal_pod_autoscaler: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -290,6 +411,14 @@ horizontal_pod_autoscaler: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -326,91 +455,16 @@ horizontal_pod_autoscaler: generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. type: str - spec: + revision: description: - - behaviour of autoscaler. - type: complex - contains: - cpu_utilization: - description: - - target average CPU utilization (represented as a percentage of requested - CPU) over all the pods; if not specified it defaults to the target CPU - utilization at 80% of the requested resources. - type: complex - contains: - target_percentage: - description: - - fraction of the requested CPU that should be utilized/used, e.g. 70 - means that 70% of the requested CPU should be in use. - type: int - max_replicas: - description: - - upper limit for the number of pods that can be set by the autoscaler; - cannot be smaller than MinReplicas. - type: int - min_replicas: - description: - - lower limit for the number of pods that can be set by the autoscaler, - default 1. - type: int - scale_ref: - description: - - reference to Scale subresource; horizontal pod autoscaler will learn the - current resource consumption from its status, and will set the desired - number of pods by modifying its spec. - type: complex - contains: - api_version: - description: - - API version of the referent - type: str - kind: - description: - - Kind of the referent; - type: str - name: - description: - - Name of the referent; - type: str - subresource: - description: - - Subresource name of the referent - type: str - status: - description: - - current information about the autoscaler. - type: complex - contains: - current_cpu_utilization_percentage: - description: - - current average CPU utilization over all pods, represented as a percentage - of requested CPU, e.g. 70 means that an average pod is using now 70% of - its requested CPU. - type: int - current_replicas: - description: - - current number of replicas of pods managed by this autoscaler. 
- type: int - desired_replicas: - description: - - desired number of replicas of pods managed by this autoscaler. - type: int - last_scale_time: - description: - - last time the HorizontalPodAutoscaler scaled the number of pods; used - by the autoscaler to control how often the number of pods is changed. - type: complex - contains: {} - observed_generation: - description: - - most recent generation observed by this autoscaler. - type: int + - Revision indicates the revision of the state represented by Data. + type: int ''' def main(): try: - module = KubernetesAnsibleModule('horizontal_pod_autoscaler', 'V1beta1') + module = KubernetesAnsibleModule('controller_revision', 'V1beta1') except KubernetesAnsibleException as exc: # The helper failed to init, so there is no module object. All we can do is raise the error. raise Exception(exc.message) diff --git a/library/k8s_v1beta1_horizontal_pod_autoscaler_list.py b/library/k8s_v1beta1_controller_revision_list.py similarity index 60% rename from library/k8s_v1beta1_horizontal_pod_autoscaler_list.py rename to library/k8s_v1beta1_controller_revision_list.py index af2e135e..2dd341a0 100644 --- a/library/k8s_v1beta1_horizontal_pod_autoscaler_list.py +++ b/library/k8s_v1beta1_controller_revision_list.py 
@@ -3,11 +3,11 @@ from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException DOCUMENTATION = ''' -module: k8s_v1beta1_horizontal_pod_autoscaler_list -short_description: Kubernetes HorizontalPodAutoscalerList +module: k8s_v1beta1_controller_revision_list +short_description: Kubernetes ControllerRevisionList description: -- Retrieve a list of horizontal_pod_autoscalers. List operations provide a snapshot - read of the underlying objects, returning a resource_version representing a consistent +- Retrieve a list of controller_revisions. List operations provide a snapshot read + of the underlying objects, returning a resource_version representing a consistent version of the listed objects. version_added: 2.3.0 author: OpenShift (@openshift) @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' @@ -99,7 +95,7 @@ RETURN = ''' api_version: type: string description: Requested API version -horizontal_pod_autoscaler_list: +controller_revision_list: type: complex returned: when I(state) = C(present) contains: @@ -111,7 +107,7 @@ horizontal_pod_autoscaler_list: type: str items: description: - - list of horizontal pod autoscaler objects. + - Items is the list of ControllerRevisions type: list contains: api_version: 
@@ -120,6 +116,15 @@ horizontal_pod_autoscaler_list: Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. type: str + data: + description: + - Data is the serialized representation of the state. + type: complex + contains: + raw: + description: + - Raw is the underlying serialization of this object. + type: str kind: description: - Kind is a string value representing the REST resource this object represents. @@ -128,7 +133,7 @@ horizontal_pod_autoscaler_list: type: str metadata: description: - - Standard object metadata. + - Standard object's metadata. type: complex contains: annotations: 
@@ -210,6 +215,153 @@ horizontal_pod_autoscaler_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +398,14 @@ horizontal_pod_autoscaler_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -285,85 +445,10 @@ horizontal_pod_autoscaler_list: not allowed to change on PUT operations. Populated by the system. Read-only. type: str - spec: + revision: description: - - behaviour of autoscaler. - type: complex - contains: - cpu_utilization: - description: - - target average CPU utilization (represented as a percentage of requested - CPU) over all the pods; if not specified it defaults to the target - CPU utilization at 80% of the requested resources. - type: complex - contains: - target_percentage: - description: - - fraction of the requested CPU that should be utilized/used, e.g. - 70 means that 70% of the requested CPU should be in use. - type: int - max_replicas: - description: - - upper limit for the number of pods that can be set by the autoscaler; - cannot be smaller than MinReplicas. - type: int - min_replicas: - description: - - lower limit for the number of pods that can be set by the autoscaler, - default 1. - type: int - scale_ref: - description: - - reference to Scale subresource; horizontal pod autoscaler will learn - the current resource consumption from its status, and will set the - desired number of pods by modifying its spec. - type: complex - contains: - api_version: - description: - - API version of the referent - type: str - kind: - description: - - Kind of the referent; - type: str - name: - description: - - Name of the referent; - type: str - subresource: - description: - - Subresource name of the referent - type: str - status: - description: - - current information about the autoscaler. - type: complex - contains: - current_cpu_utilization_percentage: - description: - - current average CPU utilization over all pods, represented as a percentage - of requested CPU, e.g. 70 means that an average pod is using now 70% - of its requested CPU. - type: int - current_replicas: - description: - - current number of replicas of pods managed by this autoscaler. 
- type: int - desired_replicas: - description: - - desired number of replicas of pods managed by this autoscaler. - type: int - last_scale_time: - description: - - last time the HorizontalPodAutoscaler scaled the number of pods; used - by the autoscaler to control how often the number of pods is changed. - type: complex - contains: {} - observed_generation: - description: - - most recent generation observed by this autoscaler. - type: int + - Revision indicates the revision of the state represented by Data. + type: int kind: description: - Kind is a string value representing the REST resource this object represents. @@ -372,7 +457,7 @@ horizontal_pod_autoscaler_list: type: str metadata: description: - - Standard list metadata. + - '' type: complex contains: resource_version: @@ -391,7 +476,7 @@ horizontal_pod_autoscaler_list: def main(): try: - module = KubernetesAnsibleModule('horizontal_pod_autoscaler_list', 'V1beta1') + module = KubernetesAnsibleModule('controller_revision_list', 'V1beta1') except KubernetesAnsibleException as exc: # The helper failed to init, so there is no module object. All we can do is raise the error. raise Exception(exc.message) diff --git a/library/k8s_v1beta1_daemon_set.py b/library/k8s_v1beta1_daemon_set.py index f395bee3..69c276b0 100644 --- a/library/k8s_v1beta1_daemon_set.py +++ b/library/k8s_v1beta1_daemon_set.py 
@@ -76,6 +76,21 @@ options: - Provide the YAML definition for the object, bypassing any modules parameters intended to define object attributes. type: dict + spec_min_ready_seconds: + description: + - The minimum number of seconds for which a newly created DaemonSet pod should + be ready without any of its container crashing, for it to be considered available. + Defaults to 0 (pod will be considered available as soon as it is ready). + aliases: + - min_ready_seconds + type: int + spec_revision_history_limit: + description: + - The number of old history to retain to allow rollback. This is a pointer to + distinguish between explicit zero and not specified. Defaults to 10. + aliases: + - revision_history_limit + type: int spec_selector_match_expressions: description: - matchExpressions is a list of label selector requirements. The requirements @@ -92,6 +107,13 @@ options: aliases: - selector_match_labels type: dict + spec_template_generation: + description: + - DEPRECATED. A sequence number representing a specific generation of the template. + Populated by the system. It can be set only during the creation. + aliases: + - template_generation + type: int spec_template_metadata_annotations: description: - Annotations is an unstructured key value map stored with a resource that may 
@@ -123,6 +145,98 @@ options: aliases: - active_deadline_seconds type: int + spec_template_spec_affinity_node_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_node_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms: + description: + - Required. A list of node selector terms. The terms are ORed. + aliases: + - affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms + type: list + spec_template_spec_affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. 
+ aliases: + - affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' + aliases: + - affinity_pod_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the anti-affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' 
+ aliases: + - affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account token should + be automatically mounted. + aliases: + - automount_service_account_token + type: bool spec_template_spec_containers: description: - List of containers belonging to the pod. Containers cannot currently be added @@ -132,10 +246,18 @@ options: type: list spec_template_spec_dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' or 'Default'. - Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have DNS options + set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. aliases: - dns_policy + spec_template_spec_host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be injected into + the pod's hosts file if specified. This is only valid for non-hostNetwork pods. + aliases: + - host_aliases + type: list spec_template_spec_host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
@@ -171,6 +293,21 @@ options: aliases: - image_pull_secrets type: list + spec_template_spec_init_containers: + description: + - List of initialization containers belonging to the pod. Init containers are + executed in order prior to containers being started. If any init container fails, + the pod is considered to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be unique among all + containers. Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container are taken + into account during scheduling by finding the highest request/limit for each + resource type, and then using the max of of that value or the sum of the normal + containers. Limits are applied to init containers in a similar fashion. Init + containers cannot currently be added or removed. Cannot be updated. + aliases: + - init_containers + type: list spec_template_spec_node_name: description: - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, @@ -192,6 +329,12 @@ options: Never. Default to Always. aliases: - restart_policy + spec_template_spec_scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. If not specified, + the pod will be dispatched by default scheduler. + aliases: + - scheduler_name spec_template_spec_security_context_fs_group: description: - "A special supplemental group that applies to all containers in a pod. Some\ 
@@ -280,12 +423,39 @@ options: aliases: - termination_grace_period_seconds type: int + spec_template_spec_tolerations: + description: + - If specified, the pod's tolerations. + aliases: + - tolerations + type: list spec_template_spec_volumes: description: - List of volumes that can be mounted by containers belonging to the pod. aliases: - volumes type: list + spec_update_strategy_rolling_update_max_unavailable: + description: + - 'The maximum number of DaemonSet pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet + pods at the start of the update (ex: 10%). Absolute number is calculated from + percentage by rounding up. This cannot be 0. Default value is 1. Example: when + this is set to 30%, at most 30% of the total number of nodes that should be + running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods + stopped for an update at any given time. The update starts by stopping at most + 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. + Once the new pods are available, it then proceeds onto other DaemonSet pods, + thus ensuring that at least 70% of original number of DaemonSet pods are available + at all times during the update.' + aliases: + - update_strategy_rolling_update_max_unavailable + spec_update_strategy_type: + description: + - Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is + OnDelete. + aliases: + - update_strategy_type src: description: - Provide a path to a file containing the YAML definition of the object. Mutually @@ -317,7 +487,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -424,6 +594,150 @@ daemon_set: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -459,6 +773,14 @@ daemon_set: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -497,14 +819,25 @@ daemon_set: type: str spec: description: - - Spec defines the desired behavior of this daemon set. + - The desired behavior of this daemon set. type: complex contains: + min_ready_seconds: + description: + - The minimum number of seconds for which a newly created DaemonSet pod + should be ready without any of its container crashing, for it to be considered + available. Defaults to 0 (pod will be considered available as soon as + it is ready). + type: int + revision_history_limit: + description: + - The number of old history to retain to allow rollback. This is a pointer + to distinguish between explicit zero and not specified. Defaults to 10. + type: int selector: description: - - Selector is a label query over pods that are managed by the daemon set. - Must match in order to be controlled. If empty, defaulted to labels on - Pod template. + - A label query over pods that are managed by the daemon set. Must match + in order to be controlled. If empty, defaulted to labels on Pod template. type: complex contains: match_expressions: @@ -540,10 +873,9 @@ daemon_set: contains: str, str template: description: - - Template is the object that describes the pod that will be created. The - DaemonSet will create exactly one copy of this pod on every node that - matches the template's node selector (or on every node if no node selector - is specified). + - An object that describes the pod that will be created. The DaemonSet will + create exactly one copy of this pod on every node that matches the template's + node selector (or on every node if no node selector is specified). type: complex contains: metadata: 
@@ -632,6 +964,158 @@ daemon_set: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -669,6 +1153,14 @@ daemon_set: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -720,6 +1212,493 @@ daemon_set: it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. 
+ type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to an update), the system may or may + not try to eventually evict the pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. 
The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is + the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. 
+ type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. 
For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system will try to eventually evict the pod + from its node. When there are multiple elements, the lists + of nodes corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot currently @@ -791,11 +1770,17 @@ daemon_set: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -824,8 +1809,7 @@ daemon_set: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
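Review bot: in the `@@ -720,6 +1212,493 @@` hunk, the `required_during_scheduling_ignored_during_execution` descriptions under both `pod_affinity` and `pod_anti_affinity` open with "NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented." and embed a Go declaration (`RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm` with its `json:"..."` tag) before the real text begins. That leading paragraph describes a different field and says the system "will try to eventually evict the pod", which contradicts the "may or may not try" wording that follows for this field. Suggest keeping only the text from the second "If the affinity requirements specified by this field are not met at scheduling time" onward (and the anti-affinity equivalent). The same hunk also has "Valid operators ard In" in four `operator` descriptions and "DoesNotExist. Gt, and Lt." in the node selector ones.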
@@ -844,6 +1828,53 @@ daemon_set: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -920,8 +1951,7 @@ daemon_set: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
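Review bot: in the `@@ -844,6 +1828,53 @@` hunk, the added `optional` description reads "Specify whether the Secret or it's key must be defined" and the `env_from` `prefix` description reads "An optional identifer to prepend"; these should be "its key" and "identifier". The `config_map_key_ref` `optional` field added in the `@@ -791,11 +1770,17 @@` hunk has the same "it's key" wording. It would also help to say in each `optional` description which boolean value means the reference may be absent, since "must be defined" leaves the polarity of the flag to the reader.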
@@ -933,13 +1963,17 @@ daemon_set: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is terminated. @@ -1002,8 +2036,7 @@ daemon_set: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1015,13 +2048,17 @@ daemon_set: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be restarted @@ -1085,8 +2122,7 @@ daemon_set: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1114,13 +2150,17 @@ daemon_set: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults 
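Review bot: the `port` fields in these hunks change from `type: complex` / `contains: {}` to `type: str`, but the unchanged description still says "Number or name of the port ... Number must be in the range 1 to 65535". A consumer reading `type: str` cannot tell how a numeric port is represented. Suggest stating in the description how a numeric value appears under the declared type, so that callers comparing against an integer port do not silently mismatch. The same applies to every `http_get` and `tcp_socket` `port` touched in this patch.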
@@ -1232,8 +2272,7 @@ daemon_set: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1261,13 +2300,17 @@ daemon_set: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -1283,7 +2326,7 @@ daemon_set: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -1291,10 +2334,10 @@ daemon_set: to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
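Review bot: in the `@@ -1291,10 +2334,10 @@` hunk, the `security_context` description becomes 'Security options the pod should run with. More info:' and ends there, with no reference after the colon. Either restore the link that "More info:" is meant to introduce or drop the trailing phrase and keep the original sentence, since this is the field readers consult for container privilege settings. In the same hunk and the one before it, `contains: str, ResourceQuantity` becomes `contains: str, str` for `limits` and `requests`; a short description of the quantity format would replace what the type name used to convey.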
@@ -1395,7 +2438,20 @@ daemon_set: \ termination message will be written is mounted into the\ \ container's filesystem. Message written is intended to be\ \ brief final status, such as an assertion failure message.\ - \ Defaults to /dev/termination-log. Cannot be updated." + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: str tty: description: @@ -1435,9 +2491,27 @@ daemon_set: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have + DNS options set along with hostNetwork, you have to specify DNS + policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be + injected into the pod's hosts file if specified. This is only + valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
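Review bot: in the `@@ -1435,9 +2491,27 @@` hunk, the `host_aliases` entry documents `hostnames` as "Hostnames for the above IP address", but in this layout `ip` is listed after `hostnames`, so "above" points at nothing. Suggest "Hostnames for the IP address given in ip." The `dns_policy` text in the same hunk is correct as far as it goes; it may be worth noting next to `host_aliases` ("only valid for non-hostNetwork pods") that this restriction and the `ClusterFirstWithHostNet` requirement both hinge on the pod's hostNetwork setting, so readers see the two constraints together.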
@@ -1470,6 +2544,805 @@ daemon_set: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init containers + are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and + is handled according to its restartPolicy. The name for an init + container or normal container must be unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container + are taken into account during scheduling by finding the highest + request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are + applied to init containers in a similar fashion. Init containers + cannot currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is used\ + \ if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a variable\ + \ cannot be resolved, the reference in the input string will\ + \ be unchanged. The $(VAR_NAME) syntax can be escaped with\ + \ a double $$, ie: $$(VAR_NAME). Escaped references will never\ + \ be expanded, regardless of whether the variable exists or\ + \ not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided. Variable\ + \ references $(VAR_NAME) are expanded using the container's\ + \ environment. If a variable cannot be resolved, the reference\ + \ in the input string will be unchanged. The $(VAR_NAME) syntax\ + \ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. 
Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. Cannot + be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using the + previous defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot be + used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API + version. + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must be + a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. 
Defaults + to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container is created. + If the handler fails, the container is terminated and + restarted according to its restart policy. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is terminated. + The container is terminated after the handler completes. + The reason for termination is passed to the handler. Regardless + of the outcome of the handler, the container is eventually + terminated. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be restarted + if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be updated. 
+ type: str + ports: + description: + - List of ports to expose from the container. Exposing a port + here gives the system additional information about the network + connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from + being exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible from + the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. This + must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, this + must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have a unique + name. Name for the port that can be referred to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container will + be removed from service endpoints if the probe fails. Cannot + be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. 
Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. 
Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to + an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. + Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. + type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, + no such validation will be performed. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. If + unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the container. + type: str + role: + description: + - Role is a SELinux role label that applies to the container. + type: str + type: + description: + - Type is a SELinux type label that applies to the container. + type: str + user: + description: + - User is a SELinux user label that applies to the container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from stdin + in the container will always result in EOF. Default is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. When stdin is + true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client attaches + to stdin, and then remains open and accepts data until the + client disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag is false, + a container processes that reads from stdin will never receive + an EOF. 
Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into the\ + \ container's filesystem. Message written is intended to be\ + \ brief final status, such as an assertion failure message.\ + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, also + requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. Cannot + be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should be + mounted. Must not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's volume + should be mounted. Defaults to "" (volume's root). + type: str + working_dir: + description: + - Container's working directory. 
If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific node. @@ -1488,6 +3361,11 @@ daemon_set: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
@@ -1584,6 +3462,46 @@ daemon_set: longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means match + all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. Valid + operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it is not set, which + means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by + the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If the + operator is Exists, the value should be empty, otherwise just + a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging to 
@@ -1647,6 +3565,13 @@ daemon_set: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed availability + set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will force @@ -1756,9 +3681,9 @@ daemon_set: the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in - the ConfigMap, the volume setup will error. Paths must - be relative and may not contain the '..' path or start - with '..'. + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. type: list contains: key: @@ -1784,6 +3709,10 @@ daemon_set: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that should @@ -1852,8 +3781,7 @@ daemon_set: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -1870,6 +3798,15 @@ daemon_set: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified here and + the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached to @@ -2044,6 +3981,14 @@ daemon_set: a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -2064,11 +4009,27 @@ daemon_set: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or + ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port 
@@ -2130,6 +4091,209 @@ daemon_set: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted + on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and downward + API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must be + a value between 0 and 0777. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must + be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only + annotations, labels, name and namespace are + supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not be absolute\ + \ or contain the '..' path. Must be utf-8\ + \ encoded. 
The first item of the relative\ + \ path must not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only + resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the Secret, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must be + defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
@@ -2212,6 +4376,67 @@ daemon_set: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and + mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage + (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and + other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick + or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
@@ -2234,8 +4459,9 @@ daemon_set: If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, - the volume setup will error. Paths must be relative and - may not contain the '..' path or start with '..'. + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. type: list contains: key: 
@@ -2257,10 +4483,58 @@ daemon_set: not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the + StorageOS API credentials. If not specified, default values + will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within + StorageOS. If no namespace is specified then the Pod's + namespace will be used. This allows the Kubernetes name + scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and mounted 
@@ -2273,35 +4547,104 @@ daemon_set: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk type: str + template_generation: + description: + - DEPRECATED. A sequence number representing a specific generation of the + template. Populated by the system. It can be set only during the creation. + type: int + update_strategy: + description: + - An update strategy to replace existing DaemonSet pods with new pods. + type: complex + contains: + rolling_update: + description: + - Rolling update config params. Present only if type = "RollingUpdate". + type: complex + contains: + max_unavailable: + description: + - 'The maximum number of DaemonSet pods that can be unavailable + during the update. Value can be an absolute number (ex: 5) or + a percentage of total number of DaemonSet pods at the start of + the update (ex: 10%). Absolute number is calculated from percentage + by rounding up. This cannot be 0. Default value is 1. Example: + when this is set to 30%, at most 30% of the total number of nodes + that should be running the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given time. The + update starts by stopping at most 30% of those DaemonSet pods + and then brings up new DaemonSet pods in their place. Once the + new pods are available, it then proceeds onto other DaemonSet + pods, thus ensuring that at least 70% of original number of DaemonSet + pods are available at all times during the update.' + type: str + type: + description: + - Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default + is OnDelete. 
+ type: str status: description: - - Status is the current status of this daemon set. This data may be out of date - by some window of time. Populated by the system. Read-only. + - The current status of this daemon set. This data may be out of date by some + window of time. Populated by the system. Read-only. type: complex contains: + collision_count: + description: + - Count of hash collisions for the DaemonSet. The DaemonSet controller uses + this field as a collision avoidance mechanism when it needs to create + the name for the newest ControllerRevision. + type: int current_number_scheduled: description: - - CurrentNumberScheduled is the number of nodes that are running at least - 1 daemon pod and are supposed to run the daemon pod. + - The number of nodes that are running at least 1 daemon pod and are supposed + to run the daemon pod. type: int desired_number_scheduled: description: - - DesiredNumberScheduled is the total number of nodes that should be running - the daemon pod (including nodes correctly running the daemon pod). + - The total number of nodes that should be running the daemon pod (including + nodes correctly running the daemon pod). + type: int + number_available: + description: + - The number of nodes that should be running the daemon pod and have one + or more of the daemon pod running and available (ready for at least spec.minReadySeconds) type: int number_misscheduled: description: - - NumberMisscheduled is the number of nodes that are running the daemon - pod, but are not supposed to run the daemon pod. + - The number of nodes that are running the daemon pod, but are not supposed + to run the daemon pod. type: int number_ready: description: - - NumberReady is the number of nodes that should be running the daemon pod - and have one or more of the daemon pod running and ready. + - The number of nodes that should be running the daemon pod and have one + or more of the daemon pod running and ready. 
+ type: int + number_unavailable: + description: + - The number of nodes that should be running the daemon pod and have none + of the daemon pod running and available (ready for at least spec.minReadySeconds) + type: int + observed_generation: + description: + - The most recent generation observed by the daemon set controller. + type: int + updated_number_scheduled: + description: + - The total number of nodes that are running updated daemon pod type: int ''' diff --git a/library/k8s_v1beta1_daemon_set_list.py b/library/k8s_v1beta1_daemon_set_list.py index b7765d22..c4044a46 100644 --- a/library/k8s_v1beta1_daemon_set_list.py +++ b/library/k8s_v1beta1_daemon_set_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' @@ -111,7 +107,7 @@ daemon_set_list: type: str items: description: - - Items is a list of daemon sets. + - A list of daemon sets. type: list contains: api_version: 
@@ -210,6 +206,153 @@ daemon_set_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ daemon_set_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -287,14 +438,26 @@ daemon_set_list: type: str spec: description: - - Spec defines the desired behavior of this daemon set. + - The desired behavior of this daemon set. type: complex contains: + min_ready_seconds: + description: + - The minimum number of seconds for which a newly created DaemonSet + pod should be ready without any of its container crashing, for it + to be considered available. Defaults to 0 (pod will be considered + available as soon as it is ready). + type: int + revision_history_limit: + description: + - The number of old history to retain to allow rollback. This is a pointer + to distinguish between explicit zero and not specified. Defaults to + 10. + type: int selector: description: - - Selector is a label query over pods that are managed by the daemon - set. Must match in order to be controlled. If empty, defaulted to - labels on Pod template. + - A label query over pods that are managed by the daemon set. Must match + in order to be controlled. If empty, defaulted to labels on Pod template. type: complex contains: match_expressions: @@ -330,10 +493,10 @@ daemon_set_list: contains: str, str template: description: - - Template is the object that describes the pod that will be created. - The DaemonSet will create exactly one copy of this pod on every node - that matches the template's node selector (or on every node if no - node selector is specified). + - An object that describes the pod that will be created. The DaemonSet + will create exactly one copy of this pod on every node that matches + the template's node selector (or on every node if no node selector + is specified). type: complex contains: metadata: 
@@ -427,6 +590,162 @@ daemon_set_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system + invariant at object creation time. This field is a list of + initializers that have not yet acted on this object. If nil + or empty, this object has been completely initialized. Otherwise, + the object is considered uninitialized and is hidden (in list/watch + and get calls) from clients that haven't explicitly asked + to observe uninitialized objects. When an object is created, + the system will populate this list with the current set of + initializers. Only privileged users may set or modify this + list. Once it is empty, it may not be modified further by + any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in + order before this object is visible. When the last pending + initializer is removed, and no failing result is set, + the initializers struct will be set to nil and the object + is considered as initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will + be persisted to storage and then deleted, ensuring that + other clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not + set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is + optional and the data returned is not guaranteed to + conform to any schema except that defined by the reason + type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused + this error, as named by its JSON serialization. + May include dot and postfix notation for nested + attributes. Arrays are zero-indexed. Fields + may appear more than once in an array of causes + due to fields having multiple errors. Optional. + Examples: "name" - the field "name" on the + current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause + of the error. This field may be presented + as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause + of the error. If this value is empty there + is no information available. + type: str + group: + description: + - The group attribute of the resource associated + with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated + with the status StatusReason. On some operations + may differ from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated + with the status StatusReason (when there is a + single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from + the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this + operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to + determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified + back to the server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation + is in the "Failure" status. If this value is empty + there is no information available. A Reason clarifies + an HTTP status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize @@ -465,6 +784,15 @@ daemon_set_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. Defaults to false. + To set this field, a user needs "delete" permission of + the owner, otherwise 422 (Unprocessable Entity) will be + returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -517,6 +845,510 @@ daemon_set_list: try to mark it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by + this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies + to. + type: str + operator: + description: + - Represents a key's relationship to a set + of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must + be non-empty. If the operator is Exists + or DoesNotExist, the values array must + be empty. If the operator is Gt or Lt, + the values array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. 
+ type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the + system may or may not try to eventually evict the + pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies + to. + type: str + operator: + description: + - Represents a key's relationship to a set + of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must + be non-empty. If the operator is Exists + or DoesNotExist, the values array must + be empty. If the operator is Gt or Lt, + the values array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by + this field, but it may choose a node that violates + one or more of the expressions. 
The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) with the + highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with + the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in + this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the + labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + For PreferredDuringScheduling pod anti-affinity, + empty topologyKey is interpreted as "all topologies" + ("all topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not + allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it + is implemented. If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system will try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must + be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some + other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by + iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches + the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. 
A pod affinity term, associated with + the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in + this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the + labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. 
+ For PreferredDuringScheduling pod anti-affinity, + empty topologyKey is interpreted as "all topologies" + ("all topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not + allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it + is implemented. If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this + field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system will + try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this + field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot @@ -590,11 +1422,17 @@ daemon_set_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key + must be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -624,8 +1462,7 @@ daemon_set_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -644,6 +1481,53 @@ daemon_set_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must + be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the + container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an + event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the + ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -722,8 +1606,7 @@ daemon_set_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. 
@@ -735,13 +1618,17 @@ daemon_set_list: port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is @@ -805,8 +1692,7 @@ daemon_set_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. @@ -818,13 +1704,17 @@ daemon_set_list: port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be @@ -889,8 +1779,7 @@ daemon_set_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -918,13 +1807,17 @@ daemon_set_list: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. 
@@ -1040,8 +1933,7 @@ daemon_set_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1069,13 +1961,17 @@ daemon_set_list: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. @@ -1092,7 +1988,7 @@ daemon_set_list: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -1100,10 +1996,10 @@ daemon_set_list: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
@@ -1209,8 +2105,21 @@ daemon_set_list: \ termination message will be written is mounted into\ \ the container's filesystem. Message written is intended\ \ to be brief final status, such as an assertion failure\ - \ message. Defaults to /dev/termination-log. Cannot be\ - \ updated." + \ message. Will be truncated by the node if greater than\ + \ 4096 bytes. The total message length across all containers\ + \ will be limited to 12kb. Defaults to /dev/termination-log.\ + \ Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to + populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. type: str tty: description: @@ -1251,9 +2160,27 @@ daemon_set_list: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To + have DNS options set along with hostNetwork, you have to specify + DNS policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will + be injected into the pod's hosts file if specified. This is + only valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
@@ -1287,6 +2214,825 @@ daemon_set_list: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init + containers are executed in order prior to containers being + started. If any init container fails, the pod is considered + to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be + unique among all containers. Init containers may not have + Lifecycle actions, Readiness probes, or Liveness probes. The + resourceRequirements of an init container are taken into account + during scheduling by finding the highest request/limit for + each resource type, and then using the max of of that value + or the sum of the normal containers. Limits are applied to + init containers in a similar fashion. Init containers cannot + currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is\ + \ used if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a\ + \ variable cannot be resolved, the reference in the input\ + \ string will be unchanged. The $(VAR_NAME) syntax can\ + \ be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided.\ + \ Variable references $(VAR_NAME) are expanded using the\ + \ container's environment. If a variable cannot be resolved,\ + \ the reference in the input string will be unchanged.\ + \ The $(VAR_NAME) syntax can be escaped with a double\ + \ $$, ie: $$(VAR_NAME). Escaped references will never\ + \ be expanded, regardless of whether the variable exists\ + \ or not. 
Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. + Cannot be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using + the previous defined environment variables in the + container and any service environment variables. If + a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot + be used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key + must be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently + supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must + be a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must + be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the + container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an + event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the + ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. 
+ Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container + is created. If the handler fails, the container is + terminated and restarted according to its restart + policy. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run + inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP + allows repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. 
+ type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is + terminated. The container is terminated after the + handler completes. The reason for termination is passed + to the handler. Regardless of the outcome of the handler, + the container is eventually terminated. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run + inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP + allows repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be + restarted if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started + before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be + updated. 
+ type: str + ports: + description: + - List of ports to expose from the container. Exposing a + port here gives the system additional information about + the network connections a container uses, but is primarily + informational. Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which is listening + on the default "0.0.0.0" address inside a container will + be accessible from the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If + HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have + a unique name. Name for the port that can be referred + to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to + "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. + Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. 
Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started + before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. 
Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be + updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted + by the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the + host. Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. + type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image + at runtime to ensure that it does not run as UID 0 + (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. 
+ type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate + a random SELinux context for each container. May also + be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the + container. + type: str + role: + description: + - Role is a SELinux role label that applies to the + container. + type: str + type: + description: + - Type is a SELinux type label that applies to the + container. + type: str + user: + description: + - User is a SELinux user label that applies to the + container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default + is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple + attach sessions. If stdinOnce is set to true, stdin is + opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If + this flag is false, a container processes that reads from + stdin will never receive an EOF. 
Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into\ + \ the container's filesystem. Message written is intended\ + \ to be brief final status, such as an assertion failure\ + \ message. Will be truncated by the node if greater than\ + \ 4096 bytes. The total message length across all containers\ + \ will be limited to 12kb. Defaults to /dev/termination-log.\ + \ Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to + populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, + also requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should + be mounted. Must not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's + root). + type: str + working_dir: + description: + - Container's working directory. 
If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific @@ -1305,6 +3051,11 @@ daemon_set_list: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
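Review bot: In the container `security_context` block of the hunk that closes just before `@@ -1305,6 +3051,11 @@`, the description reads `'Security options the pod should run with. More info:'` and stops at the colon with no link, so the rendered module docs point nowhere. Either restore the URL or drop the trailing `More info:`. In the same block, `capabilities.add` and `capabilities.drop` are documented only as `Added capabilities` and `Removed capabilities`; since the parent says the default is the capability set granted by the container runtime, say that `add` extends that set and `drop` removes from it.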
@@ -1403,6 +3154,46 @@ daemon_set_list: Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means + match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a + pod can tolerate all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If + the operator is Exists, the value should be empty, otherwise + just a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging 
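Review bot: The `tolerations` descriptions define their wildcards separately and never state the combined result. `key` says an empty key with operator Exists matches `all values and all keys`, and `effect` says `Empty means match all taint effects`, so a toleration with an empty `key`, `operator` Exists and an empty `effect` tolerates every taint. Suggest adding that sentence to the `key` description, because a reader who looks at one field at a time will not see how broad the combination is.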
@@ -1467,6 +3258,13 @@ daemon_set_list: "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will @@ -1579,8 +3377,9 @@ daemon_set_list: projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will - error. Paths must be relative and may not contain - the '..' path or start with '..'. + error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start + with '..'. type: list contains: key: @@ -1607,6 +3406,11 @@ daemon_set_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be + defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that @@ -1677,8 +3481,7 @@ daemon_set_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
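Review bot: The `kind` description added under `@@ -1467,6 +3258,13 @@` misspells `mulitple`, runs its three values together without separators (`Shared: ... Dedicated: ... Managed: ...`), and gives the default as lowercase `shared` while the value itself is listed as `Shared`. Suggest fixing the spelling, separating the three values, and using one casing for the default so users know the exact string to pass.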
@@ -1695,6 +3498,16 @@ daemon_set_list: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir + would be the minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. The default is nil which means that the + limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached @@ -1872,6 +3685,14 @@ daemon_set_list: to a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -1892,11 +3713,27 @@ daemon_set_list: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an + IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or 
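Review bot: In the iSCSI hunk at `@@ -1892,11 +3713,27 @@`, `secret_ref` is described only as `CHAP secret for iSCSI target and initiator authentication`, and the `chap_auth_discovery` / `chap_auth_session` flags added just above it only as `whether support iSCSI ... CHAP authentication`. Nothing says how the three relate: whether `secret_ref` is required when either flag is true, or what happens when a flag is true and no secret is given. Suggest stating that in the `secret_ref` description. `portals` also mentions `typically TCP ports 860 and 3260` without saying which port is assumed for a bare IP.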
@@ -1960,6 +3797,217 @@ daemon_set_list: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and + mounted on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to + be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and + downward API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must + be a value between 0 and 0777. Directories within + the path are not affected by this setting. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the + Data field of the referenced ConfigMap will + be projected into the volume as a file whose + name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, the + volume setup will error unless it is marked + optional. Paths must be relative and may not + contain the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the + key to. May not be an absolute path. May + not contain the path element '..'. May + not start with the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys + must be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: + only annotations, labels, name and namespace + are supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath + is written in terms of, defaults to + "v1". + type: str + field_path: + description: + - Path of the field to select in the + specified API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not\ + \ be absolute or contain the '..' path.\ + \ Must be utf-8 encoded. 
The first item\ + \ of the relative path must not start\ + \ with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the + exposed resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the + Data field of the referenced Secret will be + projected into the volume as a file whose + name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the + key to. May not be an absolute path. May + not contain the path element '..'. May + not start with the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must + be defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
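Review bot: `default_mode` and the `mode` fields in the `projected` block are `type: int` with the text `must be a value between 0 and 0777`, which gives the upper bound in octal notation without saying how the integer is read. Decimal 644 and octal 0644 are different permission sets, and for `secret` sources this decides who can read the projected files. Suggest the description state the expected notation, for example by also giving the decimal equivalent of the bound (511). Smaller point in the same hunk: `config_map.optional` says `it's keys` while `secret.optional` says `its key`; use `its` in both.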
@@ -2043,6 +4091,68 @@ daemon_set_list: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type + supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured + storage (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user + and other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should + be thick or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
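Review bot: `ssl_enabled` is documented as `default false` in the same `scale_io` block whose `secret_ref` refers to `ScaleIO user and other sensitive information`, so the documented default leaves communication with the API Gateway without SSL. The description should say that plainly and state that the flag has to be set to true for an SSL connection to the gateway. `secret_ref` also says `If this is not provided, Login operation will fail`, which makes it effectively required; worth marking it as such in the description.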
@@ -2065,9 +4175,9 @@ daemon_set_list: is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is - not present in the Secret, the volume setup will error. - Paths must be relative and may not contain the '..' - path or start with '..'. + not present in the Secret, the volume setup will error + unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. type: list contains: key: 
@@ -2090,10 +4200,60 @@ daemon_set_list: path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type + supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then + the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name + to override the default behaviour. Set to "default" + if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and 
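Review bot: The `storageos.secret_ref` description says `If not specified, default values will be attempted` without naming those defaults, so a reader cannot tell which StorageOS API credentials are tried when the secret is omitted. Suggest naming them or pointing to where they are defined. `volume_namespace` ends with `Namespaces that do not pre-exist within StorageOS will be created`, a side effect that deserves to be more prominent than the last sentence of a long paragraph. The `optional` field at the top of the hunk has `it's keys` where `its keys` is meant.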
@@ -2107,36 +4267,107 @@ daemon_set_list: "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk type: str + template_generation: + description: + - DEPRECATED. A sequence number representing a specific generation of + the template. Populated by the system. It can be set only during the + creation. + type: int + update_strategy: + description: + - An update strategy to replace existing DaemonSet pods with new pods. + type: complex + contains: + rolling_update: + description: + - Rolling update config params. Present only if type = "RollingUpdate". + type: complex + contains: + max_unavailable: + description: + - 'The maximum number of DaemonSet pods that can be unavailable + during the update. Value can be an absolute number (ex: 5) + or a percentage of total number of DaemonSet pods at the start + of the update (ex: 10%). Absolute number is calculated from + percentage by rounding up. This cannot be 0. Default value + is 1. Example: when this is set to 30%, at most 30% of the + total number of nodes that should be running the daemon pod + (i.e. status.desiredNumberScheduled) can have their pods stopped + for an update at any given time. The update starts by stopping + at most 30% of those DaemonSet pods and then brings up new + DaemonSet pods in their place. Once the new pods are available, + it then proceeds onto other DaemonSet pods, thus ensuring + that at least 70% of original number of DaemonSet pods are + available at all times during the update.' + type: str + type: + description: + - Type of daemon set update. Can be "RollingUpdate" or "OnDelete". + Default is OnDelete. 
+ type: str status: description: - - Status is the current status of this daemon set. This data may be out - of date by some window of time. Populated by the system. Read-only. + - The current status of this daemon set. This data may be out of date by + some window of time. Populated by the system. Read-only. type: complex contains: + collision_count: + description: + - Count of hash collisions for the DaemonSet. The DaemonSet controller + uses this field as a collision avoidance mechanism when it needs to + create the name for the newest ControllerRevision. + type: int current_number_scheduled: description: - - CurrentNumberScheduled is the number of nodes that are running at - least 1 daemon pod and are supposed to run the daemon pod. + - The number of nodes that are running at least 1 daemon pod and are + supposed to run the daemon pod. type: int desired_number_scheduled: description: - - DesiredNumberScheduled is the total number of nodes that should be - running the daemon pod (including nodes correctly running the daemon - pod). + - The total number of nodes that should be running the daemon pod (including + nodes correctly running the daemon pod). + type: int + number_available: + description: + - The number of nodes that should be running the daemon pod and have + one or more of the daemon pod running and available (ready for at + least spec.minReadySeconds) type: int number_misscheduled: description: - - NumberMisscheduled is the number of nodes that are running the daemon - pod, but are not supposed to run the daemon pod. + - The number of nodes that are running the daemon pod, but are not supposed + to run the daemon pod. type: int number_ready: description: - - NumberReady is the number of nodes that should be running the daemon - pod and have one or more of the daemon pod running and ready. + - The number of nodes that should be running the daemon pod and have + one or more of the daemon pod running and ready. 
+ type: int + number_unavailable: + description: + - The number of nodes that should be running the daemon pod and have + none of the daemon pod running and available (ready for at least spec.minReadySeconds) + type: int + observed_generation: + description: + - The most recent generation observed by the daemon set controller. + type: int + updated_number_scheduled: + description: + - The total number of nodes that are running updated daemon pod type: int kind: description: diff --git a/library/k8s_v1beta1_deployment.py b/library/k8s_v1beta1_deployment.py deleted file mode 100644 index e385f121..00000000 --- a/library/k8s_v1beta1_deployment.py +++ /dev/null 
@@ -1,2516 +0,0 @@ -#!/usr/bin/env python - -from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException - -DOCUMENTATION = ''' -module: k8s_v1beta1_deployment -short_description: Kubernetes Deployment -description: -- Manage the lifecycle of a deployment object. Supports check mode, and attempts to - to be idempotent. -version_added: 2.3.0 -author: OpenShift (@openshift) -options: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. They are - not queryable and should be preserved when modifying objects. - type: dict - api_key: - description: - - Token used to connect to the API. - cert_file: - description: - - Path to a certificate used to authenticate with the API. - type: path - context: - description: - - The name of a context found in the Kubernetes config file. - debug: - description: - - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log - default: false - type: bool - force: - description: - - If set to C(True), and I(state) is C(present), an existing object will updated, - and lists will be replaced, rather than merged. - default: false - type: bool - host: - description: - - Provide a URL for acessing the Kubernetes API. - key_file: - description: - - Path to a key file used to authenticate with the API. - type: path - kubeconfig: - description: - - Path to an existing Kubernetes config file. If not provided, and no other connection - options are provided, the openshift client will attempt to load the default - configuration file from I(~/.kube/config.json). - type: path - labels: - description: - - Map of string keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers and services. - type: dict - name: - description: - - Name must be unique within a namespace. 
Is required when creating resources, - although some resources may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation idempotence and - configuration definition. Cannot be updated. - namespace: - description: - - Namespace defines the space within each name must be unique. An empty namespace - is equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this - field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. - password: - description: - - Provide a password for connecting to the API. Use in conjunction with I(username). - resource_definition: - description: - - Provide the YAML definition for the object, bypassing any modules parameters - intended to define object attributes. - type: dict - spec_min_ready_seconds: - description: - - Minimum number of seconds for which a newly created pod should be ready without - any of its container crashing, for it to be considered available. Defaults to - 0 (pod will be considered available as soon as it is ready) - aliases: - - min_ready_seconds - type: int - spec_paused: - description: - - Indicates that the deployment is paused and will not be processed by the deployment - controller. - aliases: - - paused - type: bool - spec_progress_deadline_seconds: - description: - - The maximum time in seconds for a deployment to make progress before it is considered - to be failed. The deployment controller will continue to process failed deployments - and a condition with a ProgressDeadlineExceeded reason will be surfaced in the - deployment status. Once autoRollback is implemented, the deployment controller - will automatically rollback failed deployments. Note that progress will not - be estimated during the time a deployment is paused. This is not set by default. 
- aliases: - - progress_deadline_seconds - type: int - spec_replicas: - description: - - Number of desired pods. This is a pointer to distinguish between explicit zero - and not specified. Defaults to 1. - aliases: - - replicas - type: int - spec_revision_history_limit: - description: - - The number of old ReplicaSets to retain to allow rollback. This is a pointer - to distinguish between explicit zero and not specified. - aliases: - - revision_history_limit - type: int - spec_rollback_to_revision: - description: - - The revision to rollback to. If set to 0, rollbck to the last revision. - aliases: - - rollback_to_revision - type: int - spec_selector_match_expressions: - description: - - matchExpressions is a list of label selector requirements. The requirements - are ANDed. - aliases: - - selector_match_expressions - type: list - spec_selector_match_labels: - description: - - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only "value". The requirements - are ANDed. - aliases: - - selector_match_labels - type: dict - spec_strategy_rolling_update_max_surge: - description: - - 'The maximum number of pods that can be scheduled above the desired number of - pods. Value can be an absolute number (ex: 5) or a percentage of desired pods - (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated - from percentage by rounding up. By default, a value of 1 is used. Example: when - this is set to 30%, the new RC can be scaled up immediately when the rolling - update starts, such that the total number of old and new pods do not exceed - 130% of desired pods. Once old pods have been killed, new RC can be scaled up - further, ensuring that total number of pods running at any time during the update - is atmost 130% of desired pods.' 
- aliases: - - strategy_rolling_update_max_surge - spec_strategy_rolling_update_max_unavailable: - description: - - 'The maximum number of pods that can be unavailable during the update. Value - can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - Absolute number is calculated from percentage by rounding up. This can not be - 0 if MaxSurge is 0. By default, a fixed value of 1 is used. Example: when this - is set to 30%, the old RC can be scaled down to 70% of desired pods immediately - when the rolling update starts. Once new pods are ready, old RC can be scaled - down further, followed by scaling up the new RC, ensuring that the total number - of pods available at all times during the update is at least 70% of desired - pods.' - aliases: - - strategy_rolling_update_max_unavailable - spec_strategy_type: - description: - - Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. - aliases: - - strategy_type - spec_template_metadata_annotations: - description: - - Annotations is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. They are - not queryable and should be preserved when modifying objects. - type: dict - spec_template_metadata_labels: - description: - - Map of string keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers and services. - type: dict - spec_template_metadata_name: - description: - - Name must be unique within a namespace. Is required when creating resources, - although some resources may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation idempotence and - configuration definition. Cannot be updated. - spec_template_metadata_namespace: - description: - - Namespace defines the space within each name must be unique. 
An empty namespace - is equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this - field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. - spec_template_spec_active_deadline_seconds: - description: - - Optional duration in seconds the pod may be active on the node relative to StartTime - before the system will actively try to mark it failed and kill associated containers. - Value must be a positive integer. - aliases: - - active_deadline_seconds - type: int - spec_template_spec_containers: - description: - - List of containers belonging to the pod. Containers cannot currently be added - or removed. There must be at least one container in a Pod. Cannot be updated. - aliases: - - containers - type: list - spec_template_spec_dns_policy: - description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' or 'Default'. - Defaults to "ClusterFirst". - aliases: - - dns_policy - spec_template_spec_host_ipc: - description: - - "Use the host's ipc namespace. Optional: Default to false." - aliases: - - host_ipc - type: bool - spec_template_spec_host_network: - description: - - Host networking requested for this pod. Use the host's network namespace. If - this option is set, the ports that will be used must be specified. Default to - false. - aliases: - - host_network - type: bool - spec_template_spec_host_pid: - description: - - "Use the host's pid namespace. Optional: Default to false." - aliases: - - host_pid - type: bool - spec_template_spec_hostname: - description: - - Specifies the hostname of the Pod If not specified, the pod's hostname will - be set to a system-defined value. - aliases: - - hostname - spec_template_spec_image_pull_secrets: - description: - - ImagePullSecrets is an optional list of references to secrets in the same namespace - to use for pulling any of the images used by this PodSpec. 
If specified, these - secrets will be passed to individual puller implementations for them to use. - For example, in the case of docker, only DockerConfig type secrets are honored. - aliases: - - image_pull_secrets - type: list - spec_template_spec_node_name: - description: - - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - the scheduler simply schedules this pod onto that node, assuming that it fits - resource requirements. - aliases: - - node_name - spec_template_spec_node_selector: - description: - - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that - node. - aliases: - - node_selector - type: dict - spec_template_spec_restart_policy: - description: - - Restart policy for all containers within the pod. One of Always, OnFailure, - Never. Default to Always. - aliases: - - restart_policy - spec_template_spec_security_context_fs_group: - description: - - "A special supplemental group that applies to all containers in a pod. Some\ - \ volume types allow the Kubelet to change the ownership of that volume to be\ - \ owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit\ - \ is set (new files created in the volume will be owned by FSGroup) 3. The permission\ - \ bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership\ - \ and permissions of any volume." - aliases: - - security_context_fs_group - type: int - spec_template_spec_security_context_run_as_non_root: - description: - - Indicates that the container must run as a non-root user. If true, the Kubelet - will validate the image at runtime to ensure that it does not run as UID 0 (root) - and fail to start the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. 
If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes precedence. - aliases: - - security_context_run_as_non_root - type: bool - spec_template_spec_security_context_run_as_user: - description: - - The UID to run the entrypoint of the container process. Defaults to user specified - in image metadata if unspecified. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - aliases: - - security_context_run_as_user - type: int - spec_template_spec_security_context_se_linux_options_level: - description: - - Level is SELinux level label that applies to the container. - aliases: - - security_context_se_linux_options_level - spec_template_spec_security_context_se_linux_options_role: - description: - - Role is a SELinux role label that applies to the container. - aliases: - - security_context_se_linux_options_role - spec_template_spec_security_context_se_linux_options_type: - description: - - Type is a SELinux type label that applies to the container. - aliases: - - security_context_se_linux_options_type - spec_template_spec_security_context_se_linux_options_user: - description: - - User is a SELinux user label that applies to the container. - aliases: - - security_context_se_linux_options_user - spec_template_spec_security_context_supplemental_groups: - description: - - A list of groups applied to the first process run in each container, in addition - to the container's primary GID. If unspecified, no groups will be added to any - container. - aliases: - - security_context_supplemental_groups - type: list - spec_template_spec_service_account: - description: - - 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: - Use serviceAccountName instead.' 
- aliases: - - service_account - spec_template_spec_service_account_name: - description: - - ServiceAccountName is the name of the ServiceAccount to use to run this pod. - aliases: - - service_account_name - spec_template_spec_subdomain: - description: - - If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a - domainname at all. - aliases: - - subdomain - spec_template_spec_termination_grace_period_seconds: - description: - - Optional duration in seconds the pod needs to terminate gracefully. May be decreased - in delete request. Value must be non-negative integer. The value zero indicates - delete immediately. If this value is nil, the default grace period will be used - instead. The grace period is the duration in seconds after the processes running - in the pod are sent a termination signal and the time when the processes are - forcibly halted with a kill signal. Set this value longer than the expected - cleanup time for your process. Defaults to 30 seconds. - aliases: - - termination_grace_period_seconds - type: int - spec_template_spec_volumes: - description: - - List of volumes that can be mounted by containers belonging to the pod. - aliases: - - volumes - type: list - src: - description: - - Provide a path to a file containing the YAML definition of the object. Mutually - exclusive with I(resource_definition). - type: path - ssl_ca_cert: - description: - - Path to a CA certificate used to authenticate with the API. - type: path - state: - description: - - Determines if an object should be created, patched, or deleted. When set to - C(present), the object will be created, if it does not exist, or patched, if - parameter values differ from the existing object's attributes, and deleted, - if set to C(absent). A patch operation results in merging lists and updating - dictionaries, with lists being merged into a unique set of values. 
If a list - contains a dictionary with a I(name) or I(type) attribute, a strategic merge - is performed, where individual elements with a matching I(name_) or I(type) - are merged. To force the replacement of lists, set the I(force) option to C(True). - default: present - choices: - - present - - absent - username: - description: - - Provide a username for connecting to the API. - verify_ssl: - description: - - Whether or not to verify the API server's SSL certificates. - type: bool -requirements: -- kubernetes == 1.0.0 -''' - -EXAMPLES = ''' -''' - -RETURN = ''' -api_version: - type: string - description: Requested API version -deployment: - type: complex - returned: when I(state) = C(present) - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - type: str - kind: - description: - - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. - type: str - metadata: - description: - - Standard object metadata. - type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource that - may be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This is used to distinguish - resources with same name and namespace in different clusters. This field - is not set anywhere right now and apiserver is going to ignore it if set - in create or update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time when this - object was created. 
It is not guaranteed to be set in happens-before order - across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null - for lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate before - it will be removed from the system. Only set when deletionTimestamp is - also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this resource will - be deleted. This field is set by the server when a graceful deletion is - requested by the user, and is not directly settable by a client. The resource - is expected to be deleted (no longer visible from resource lists, and - not reachable by name) after the time in this field. Once set, this value - may not be unset or be set further into the future, although it may be - shortened or the resource may be deleted prior to this time. For example, - a user may request that a pod is deleted in 30 seconds. The Kubelet will - react by sending a graceful termination signal to the containers in the - pod. After that 30 seconds, the Kubelet will send a hard termination signal - (SIGKILL) to the container and after cleanup, remove the pod from the - API. In the presence of network partitions, this object may still exist - after this timestamp, until an administrator or automated process can - determine the resource is fully terminated. If not set, graceful deletion - of the object has not been requested. Populated by the system when a graceful - deletion is requested. Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. Each entry - is an identifier for the responsible component that will remove the entry - from the list. 
If the deletionTimestamp of the object is non-nil, entries - in this list can only be removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to generate a - unique name ONLY IF the Name field has not been provided. If this field - is used, the name returned to the client will be different than the name - passed. This value will also be combined with a unique suffix. The provided - value has the same validation rules as the Name field, and may be truncated - by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will - NOT return a 409 - instead, it will either return 201 Created or 500 with - Reason ServerTimeout indicating a unique name could not be found in the - time allotted, and the client should retry (optionally after the time - indicated in the Retry-After header). Applied only if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the desired state. - Populated by the system. Read-only. - type: int - labels: - description: - - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating resources, - although some resources may allow a client to request the generation of - an appropriate name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. An empty - namespace is equivalent to the "default" namespace, but "default" is the - canonical representation. 
Not all objects are required to be scoped to - a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in the list have - been deleted, this object will be garbage collected. If this object is - managed by a controller, then an entry in this list will point to this - controller, with the controller field set to true. There cannot be more - than one managing controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this object that - can be used by clients to determine when objects have changed. May be - used for optimistic concurrency, change detection, and the watch operation - on a resource or set of resources. Clients must treat these values as - opaque and passed unmodified back to the server. They may only be valid - for a particular resource or set of resources. Populated by the system. - Read-only. Value must be treated as opaque by clients and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. It is typically - generated by the server on successful creation of a resource and is not - allowed to change on PUT operations. Populated by the system. Read-only. - type: str - spec: - description: - - Specification of the desired behavior of the Deployment. 
- type: complex - contains: - min_ready_seconds: - description: - - Minimum number of seconds for which a newly created pod should be ready - without any of its container crashing, for it to be considered available. - Defaults to 0 (pod will be considered available as soon as it is ready) - type: int - paused: - description: - - Indicates that the deployment is paused and will not be processed by the - deployment controller. - type: bool - progress_deadline_seconds: - description: - - The maximum time in seconds for a deployment to make progress before it - is considered to be failed. The deployment controller will continue to - process failed deployments and a condition with a ProgressDeadlineExceeded - reason will be surfaced in the deployment status. Once autoRollback is - implemented, the deployment controller will automatically rollback failed - deployments. Note that progress will not be estimated during the time - a deployment is paused. This is not set by default. - type: int - replicas: - description: - - Number of desired pods. This is a pointer to distinguish between explicit - zero and not specified. Defaults to 1. - type: int - revision_history_limit: - description: - - The number of old ReplicaSets to retain to allow rollback. This is a pointer - to distinguish between explicit zero and not specified. - type: int - rollback_to: - description: - - The config this deployment is rolling back to. Will be cleared after rollback - is done. - type: complex - contains: - revision: - description: - - The revision to rollback to. If set to 0, rollbck to the last revision. - type: int - selector: - description: - - Label selector for pods. Existing ReplicaSets whose pods are selected - by this will be the ones affected by this deployment. - type: complex - contains: - match_expressions: - description: - - matchExpressions is a list of label selector requirements. The requirements - are ANDed. 
- type: list - contains: - key: - description: - - key is the label key that the selector applies to. - type: str - operator: - description: - - operator represents a key's relationship to a set of values. Valid - operators ard In, NotIn, Exists and DoesNotExist. - type: str - values: - description: - - values is an array of string values. If the operator is In or - NotIn, the values array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must be empty. This array - is replaced during a strategic merge patch. - type: list - contains: str - match_labels: - description: - - matchLabels is a map of {key,value} pairs. A single {key,value} in - the matchLabels map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: complex - contains: str, str - strategy: - description: - - The deployment strategy to use to replace existing pods with new ones. - type: complex - contains: - rolling_update: - description: - - Rolling update config params. Present only if DeploymentStrategyType - = RollingUpdate. - type: complex - contains: - max_surge: - description: - - 'The maximum number of pods that can be scheduled above the desired - number of pods. Value can be an absolute number (ex: 5) or a percentage - of desired pods (ex: 10%). This can not be 0 if MaxUnavailable - is 0. Absolute number is calculated from percentage by rounding - up. By default, a value of 1 is used. Example: when this is set - to 30%, the new RC can be scaled up immediately when the rolling - update starts, such that the total number of old and new pods - do not exceed 130% of desired pods. Once old pods have been killed, - new RC can be scaled up further, ensuring that total number of - pods running at any time during the update is atmost 130% of desired - pods.' 
- type: complex - contains: {} - max_unavailable: - description: - - 'The maximum number of pods that can be unavailable during the - update. Value can be an absolute number (ex: 5) or a percentage - of desired pods (ex: 10%). Absolute number is calculated from - percentage by rounding up. This can not be 0 if MaxSurge is 0. - By default, a fixed value of 1 is used. Example: when this is - set to 30%, the old RC can be scaled down to 70% of desired pods - immediately when the rolling update starts. Once new pods are - ready, old RC can be scaled down further, followed by scaling - up the new RC, ensuring that the total number of pods available - at all times during the update is at least 70% of desired pods.' - type: complex - contains: {} - type: - description: - - Type of deployment. Can be "Recreate" or "RollingUpdate". Default - is RollingUpdate. - type: str - template: - description: - - Template describes the pods that will be created. - type: complex - contains: - metadata: - description: - - Standard object's metadata. - type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource - that may be set by external tools to store and retrieve arbitrary - metadata. They are not queryable and should be preserved when - modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This is used - to distinguish resources with same name and namespace in different - clusters. This field is not set anywhere right now and apiserver - is going to ignore it if set in create or update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in - happens-before order across separate operations. Clients may not - set this value. It is represented in RFC3339 form and is in UTC. 
- Populated by the system. Read-only. Null for lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate - before it will be removed from the system. Only set when deletionTimestamp - is also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this resource - will be deleted. This field is set by the server when a graceful - deletion is requested by the user, and is not directly settable - by a client. The resource is expected to be deleted (no longer - visible from resource lists, and not reachable by name) after - the time in this field. Once set, this value may not be unset - or be set further into the future, although it may be shortened - or the resource may be deleted prior to this time. For example, - a user may request that a pod is deleted in 30 seconds. The Kubelet - will react by sending a graceful termination signal to the containers - in the pod. After that 30 seconds, the Kubelet will send a hard - termination signal (SIGKILL) to the container and after cleanup, - remove the pod from the API. In the presence of network partitions, - this object may still exist after this timestamp, until an administrator - or automated process can determine the resource is fully terminated. - If not set, graceful deletion of the object has not been requested. - Populated by the system when a graceful deletion is requested. - Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. - Each entry is an identifier for the responsible component that - will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. 
- type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to generate - a unique name ONLY IF the Name field has not been provided. If - this field is used, the name returned to the client will be different - than the name passed. This value will also be combined with a - unique suffix. The provided value has the same validation rules - as the Name field, and may be truncated by the length of the suffix - required to make the value unique on the server. If this field - is specified and the generated name exists, the server will NOT - return a 409 - instead, it will either return 201 Created or 500 - with Reason ServerTimeout indicating a unique name could not be - found in the time allotted, and the client should retry (optionally - after the time indicated in the Retry-After header). Applied only - if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the desired - state. Populated by the system. Read-only. - type: int - labels: - description: - - Map of string keys and values that can be used to organize and - categorize (scope and select) objects. May match selectors of - replication controllers and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating - resources, although some resources may allow a client to request - the generation of an appropriate name automatically. Name is primarily - intended for creation idempotence and configuration definition. - Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. An - empty namespace is equivalent to the "default" namespace, but - "default" is the canonical representation. Not all objects are - required to be scoped to a namespace - the value of this field - for those objects will be empty. Must be a DNS_LABEL. 
Cannot be - updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in the - list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this object - that can be used by clients to determine when objects have changed. - May be used for optimistic concurrency, change detection, and - the watch operation on a resource or set of resources. Clients - must treat these values as opaque and passed unmodified back to - the server. They may only be valid for a particular resource or - set of resources. Populated by the system. Read-only. Value must - be treated as opaque by clients and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. - Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. It - is typically generated by the server on successful creation of - a resource and is not allowed to change on PUT operations. Populated - by the system. Read-only. - type: str - spec: - description: - - Specification of the desired behavior of the pod. 
- type: complex - contains: - active_deadline_seconds: - description: - - Optional duration in seconds the pod may be active on the node - relative to StartTime before the system will actively try to mark - it failed and kill associated containers. Value must be a positive - integer. - type: int - containers: - description: - - List of containers belonging to the pod. Containers cannot currently - be added or removed. There must be at least one container in a - Pod. Cannot be updated. - type: list - contains: - args: - description: - - "Arguments to the entrypoint. The docker image's CMD is used\ - \ if this is not provided. Variable references $(VAR_NAME)\ - \ are expanded using the container's environment. If a variable\ - \ cannot be resolved, the reference in the input string will\ - \ be unchanged. The $(VAR_NAME) syntax can be escaped with\ - \ a double $$, ie: $$(VAR_NAME). Escaped references will never\ - \ be expanded, regardless of whether the variable exists or\ - \ not. Cannot be updated." - type: list - contains: str - command: - description: - - "Entrypoint array. Not executed within a shell. The docker\ - \ image's ENTRYPOINT is used if this is not provided. Variable\ - \ references $(VAR_NAME) are expanded using the container's\ - \ environment. If a variable cannot be resolved, the reference\ - \ in the input string will be unchanged. The $(VAR_NAME) syntax\ - \ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ - \ references will never be expanded, regardless of whether\ - \ the variable exists or not. Cannot be updated." - type: list - contains: str - env: - description: - - List of environment variables to set in the container. Cannot - be updated. - type: list - contains: - name: - description: - - Name of the environment variable. Must be a C_IDENTIFIER. 
- type: str - value: - description: - - 'Variable references $(VAR_NAME) are expanded using the - previous defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will - never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: str - value_from: - description: - - Source for the environment variable's value. Cannot be - used if value is not empty. - type: complex - contains: - config_map_key_ref: - description: - - Selects a key of a ConfigMap. - type: complex - contains: - key: - description: - - The key to select. - type: str - name: - description: - - Name of the referent. - type: str - field_ref: - description: - - 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' - type: complex - contains: - api_version: - description: - - Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: str - field_path: - description: - - Path of the field to select in the specified API - version. - type: str - resource_field_ref: - description: - - 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' 
- type: complex - contains: - container_name: - description: - - 'Container name: required for volumes, optional - for env vars' - type: str - divisor: - description: - - Specifies the output format of the exposed resources, - defaults to "1" - type: complex - contains: {} - resource: - description: - - 'Required: resource to select' - type: str - secret_key_ref: - description: - - Selects a key of a secret in the pod's namespace - type: complex - contains: - key: - description: - - The key of the secret to select from. Must be - a valid secret key. - type: str - name: - description: - - Name of the referent. - type: str - image: - description: - - Docker image name. - type: str - image_pull_policy: - description: - - Image pull policy. One of Always, Never, IfNotPresent. Defaults - to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. - type: str - lifecycle: - description: - - Actions that the management system should take in response - to container lifecycle events. Cannot be updated. - type: complex - contains: - post_start: - description: - - PostStart is called immediately after a container is created. - If the handler fails, the container is terminated and - restarted according to its restart policy. Other management - of the container blocks until the hook completes. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the command - is root ('/') in the container's filesystem. The - command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. 
- type: list - contains: str - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. - You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - pre_stop: - description: - - PreStop is called immediately before a container is terminated. - The container is terminated after the handler completes. - The reason for termination is passed to the handler. Regardless - of the outcome of the handler, the container is eventually - terminated. Other management of the container blocks until - the hook completes. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the command - is root ('/') in the container's filesystem. 
The - command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - type: list - contains: str - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. - You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - liveness_probe: - description: - - Periodic probe of container liveness. Container will be restarted - if the probe fails. Cannot be updated. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside the - container, the working directory for the command is - root ('/') in the container's filesystem. 
The command - is simply exec'd, it is not run inside a shell, so - traditional shell instructions ('|', etc) won't work. - To use a shell, you need to explicitly call out to - that shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - type: list - contains: str - failure_threshold: - description: - - Minimum consecutive failures for the probe to be considered - failed after having succeeded. Defaults to 3. Minimum - value is 1. - type: int - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - initial_delay_seconds: - description: - - Number of seconds after the container has started before - liveness probes are initiated. - type: int - period_seconds: - description: - - How often (in seconds) to perform the probe. Default to - 10 seconds. Minimum value is 1. - type: int - success_threshold: - description: - - Minimum consecutive successes for the probe to be considered - successful after having failed. Defaults to 1. Must be - 1 for liveness. Minimum value is 1. - type: int - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. 
TCP - hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - timeout_seconds: - description: - - Number of seconds after which the probe times out. Defaults - to 1 second. Minimum value is 1. - type: int - name: - description: - - Name of the container specified as a DNS_LABEL. Each container - in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: str - ports: - description: - - List of ports to expose from the container. Exposing a port - here gives the system additional information about the network - connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from - being exposed. Any port which is listening on the default - "0.0.0.0" address inside a container will be accessible from - the network. Cannot be updated. - type: list - contains: - container_port: - description: - - Number of port to expose on the pod's IP address. This - must be a valid port number, 0 < x < 65536. - type: int - host_ip: - description: - - What host IP to bind the external port to. - type: str - host_port: - description: - - Number of port to expose on the host. If specified, this - must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - type: int - name: - description: - - If specified, this must be an IANA_SVC_NAME and unique - within the pod. Each named port in a pod must have a unique - name. Name for the port that can be referred to by services. - type: str - protocol: - description: - - Protocol for port. Must be UDP or TCP. Defaults to "TCP". - type: str - readiness_probe: - description: - - Periodic probe of container service readiness. Container will - be removed from service endpoints if the probe fails. Cannot - be updated. 
- type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside the - container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so - traditional shell instructions ('|', etc) won't work. - To use a shell, you need to explicitly call out to - that shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - type: list - contains: str - failure_threshold: - description: - - Minimum consecutive failures for the probe to be considered - failed after having succeeded. Defaults to 3. Minimum - value is 1. - type: int - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - initial_delay_seconds: - description: - - Number of seconds after the container has started before - liveness probes are initiated. - type: int - period_seconds: - description: - - How often (in seconds) to perform the probe. Default to - 10 seconds. Minimum value is 1. 
- type: int - success_threshold: - description: - - Minimum consecutive successes for the probe to be considered - successful after having failed. Defaults to 1. Must be - 1 for liveness. Minimum value is 1. - type: int - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. TCP - hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - timeout_seconds: - description: - - Number of seconds after which the probe times out. Defaults - to 1 second. Minimum value is 1. - type: int - resources: - description: - - Compute Resources required by this container. Cannot be updated. - type: complex - contains: - limits: - description: - - Limits describes the maximum amount of compute resources - allowed. - type: complex - contains: str, ResourceQuantity - requests: - description: - - Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to - an implementation-defined value. - type: complex - contains: str, ResourceQuantity - security_context: - description: - - Security options the pod should run with. - type: complex - contains: - capabilities: - description: - - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. - type: complex - contains: - add: - description: - - Added capabilities - type: list - contains: str - drop: - description: - - Removed capabilities - type: list - contains: str - privileged: - description: - - Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. - Defaults to false. 
- type: bool - read_only_root_filesystem: - description: - - Whether this container has a read-only root filesystem. - Default is false. - type: bool - run_as_non_root: - description: - - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, - no such validation will be performed. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: bool - run_as_user: - description: - - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: int - se_linux_options: - description: - - The SELinux context to be applied to the container. If - unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: complex - contains: - level: - description: - - Level is SELinux level label that applies to the container. - type: str - role: - description: - - Role is a SELinux role label that applies to the container. - type: str - type: - description: - - Type is a SELinux type label that applies to the container. - type: str - user: - description: - - User is a SELinux user label that applies to the container. - type: str - stdin: - description: - - Whether this container should allocate a buffer for stdin - in the container runtime. If this is not set, reads from stdin - in the container will always result in EOF. Default is false. 
- type: bool - stdin_once: - description: - - Whether the container runtime should close the stdin channel - after it has been opened by a single attach. When stdin is - true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on - container start, is empty until the first client attaches - to stdin, and then remains open and accepts data until the - client disconnects, at which time stdin is closed and remains - closed until the container is restarted. If this flag is false, - a container processes that reads from stdin will never receive - an EOF. Default is false - type: bool - termination_message_path: - description: - - "Optional: Path at which the file to which the container's\ - \ termination message will be written is mounted into the\ - \ container's filesystem. Message written is intended to be\ - \ brief final status, such as an assertion failure message.\ - \ Defaults to /dev/termination-log. Cannot be updated." - type: str - tty: - description: - - Whether this container should allocate a TTY for itself, also - requires 'stdin' to be true. Default is false. - type: bool - volume_mounts: - description: - - Pod volumes to mount into the container's filesystem. Cannot - be updated. - type: list - contains: - mount_path: - description: - - Path within the container at which the volume should be - mounted. Must not contain ':'. - type: str - name: - description: - - This must match the Name of a Volume. - type: str - read_only: - description: - - Mounted read-only if true, read-write otherwise (false - or unspecified). Defaults to false. - type: bool - sub_path: - description: - - Path within the volume from which the container's volume - should be mounted. Defaults to "" (volume's root). - type: str - working_dir: - description: - - Container's working directory. If not specified, the container - runtime's default will be used, which might be configured - in the container image. 
Cannot be updated. - type: str - dns_policy: - description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". - type: str - host_ipc: - description: - - "Use the host's ipc namespace. Optional: Default to false." - type: bool - host_network: - description: - - Host networking requested for this pod. Use the host's network - namespace. If this option is set, the ports that will be used - must be specified. Default to false. - type: bool - host_pid: - description: - - "Use the host's pid namespace. Optional: Default to false." - type: bool - hostname: - description: - - Specifies the hostname of the Pod If not specified, the pod's - hostname will be set to a system-defined value. - type: str - image_pull_secrets: - description: - - ImagePullSecrets is an optional list of references to secrets - in the same namespace to use for pulling any of the images used - by this PodSpec. If specified, these secrets will be passed to - individual puller implementations for them to use. For example, - in the case of docker, only DockerConfig type secrets are honored. - type: list - contains: - name: - description: - - Name of the referent. - type: str - node_name: - description: - - NodeName is a request to schedule this pod onto a specific node. - If it is non-empty, the scheduler simply schedules this pod onto - that node, assuming that it fits resource requirements. - type: str - node_selector: - description: - - NodeSelector is a selector which must be true for the pod to fit - on a node. Selector which must match a node's labels for the pod - to be scheduled on that node. - type: complex - contains: str, str - restart_policy: - description: - - Restart policy for all containers within the pod. One of Always, - OnFailure, Never. Default to Always. - type: str - security_context: - description: - - 'SecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. 
See type description - for default values of each field.' - type: complex - contains: - fs_group: - description: - - "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change\ - \ the ownership of that volume to be owned by the pod: 1.\ - \ The owning GID will be the FSGroup 2. The setgid bit is\ - \ set (new files created in the volume will be owned by FSGroup)\ - \ 3. The permission bits are OR'd with rw-rw---- If unset,\ - \ the Kubelet will not modify the ownership and permissions\ - \ of any volume." - type: int - run_as_non_root: - description: - - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to - ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: bool - run_as_user: - description: - - The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also - be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - type: int - se_linux_options: - description: - - The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context - for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - type: complex - contains: - level: - description: - - Level is SELinux level label that applies to the container. - type: str - role: - description: - - Role is a SELinux role label that applies to the container. 
- type: str - type: - description: - - Type is a SELinux type label that applies to the container. - type: str - user: - description: - - User is a SELinux user label that applies to the container. - type: str - supplemental_groups: - description: - - A list of groups applied to the first process run in each - container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - type: list - contains: int - service_account: - description: - - 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. - Deprecated: Use serviceAccountName instead.' - type: str - service_account_name: - description: - - ServiceAccountName is the name of the ServiceAccount to use to - run this pod. - type: str - subdomain: - description: - - If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will - not have a domainname at all. - type: str - termination_grace_period_seconds: - description: - - Optional duration in seconds the pod needs to terminate gracefully. - May be decreased in delete request. Value must be non-negative - integer. The value zero indicates delete immediately. If this - value is nil, the default grace period will be used instead. The - grace period is the duration in seconds after the processes running - in the pod are sent a termination signal and the time when the - processes are forcibly halted with a kill signal. Set this value - longer than the expected cleanup time for your process. Defaults - to 30 seconds. - type: int - volumes: - description: - - List of volumes that can be mounted by containers belonging to - the pod. - type: list - contains: - aws_elastic_block_store: - description: - - AWSElasticBlockStore represents an AWS Disk resource that - is attached to a kubelet's host machine and then exposed to - the pod. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. 
- Tip: Ensure that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified.' - type: str - partition: - description: - - 'The partition in the volume that you want to mount. If - omitted, the default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or - you can leave the property empty).' - type: int - read_only: - description: - - Specify "true" to force and set the ReadOnly property - in VolumeMounts to "true". If omitted, the default is - "false". - type: bool - volume_id: - description: - - Unique ID of the persistent disk resource in AWS (Amazon - EBS volume). - type: str - azure_disk: - description: - - AzureDisk represents an Azure Data Disk mount on the host - and bind mount to the pod. - type: complex - contains: - caching_mode: - description: - - 'Host Caching mode: None, Read Only, Read Write.' - type: str - disk_name: - description: - - The Name of the data disk in the blob storage - type: str - disk_uri: - description: - - The URI the data disk in the blob storage - type: str - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - type: str - read_only: - description: - - Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: bool - azure_file: - description: - - AzureFile represents an Azure File Service mount on the host - and bind mount to the pod. - type: complex - contains: - read_only: - description: - - Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
- type: bool - secret_name: - description: - - the name of secret that contains Azure Storage Account - Name and Key - type: str - share_name: - description: - - Share Name - type: str - cephfs: - description: - - CephFS represents a Ceph FS mount on the host that shares - a pod's lifetime - type: complex - contains: - monitors: - description: - - 'Required: Monitors is a collection of Ceph monitors' - type: list - contains: str - path: - description: - - 'Optional: Used as the mounted root, rather than the full - Ceph tree, default is /' - type: str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts.' - type: bool - secret_file: - description: - - 'Optional: SecretFile is the path to key ring for User, - default is /etc/ceph/user.secret' - type: str - secret_ref: - description: - - 'Optional: SecretRef is reference to the authentication - secret for User, default is empty.' - type: complex - contains: - name: - description: - - Name of the referent. - type: str - user: - description: - - 'Optional: User is the rados user name, default is admin' - type: str - cinder: - description: - - Cinder represents a cinder volume attached and mounted on - kubelets host machine - type: complex - contains: - fs_type: - description: - - 'Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified.' - type: str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts.' - type: bool - volume_id: - description: - - volume id used to identify the volume in cinder - type: str - config_map: - description: - - ConfigMap represents a configMap that should populate this - volume - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. 
- Must be a value between 0 and 0777. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect - the file mode, like fsGroup, and the result can be other - mode bits set.' - type: int - items: - description: - - If unspecified, each key-value pair in the Data field - of the referenced ConfigMap will be projected into the - volume as a file whose name is the key and content is - the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error. Paths must - be relative and may not contain the '..' path or start - with '..'. - type: list - contains: - key: - description: - - The key to project. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must be - a value between 0 and 0777. If not specified, the - volume defaultMode will be used. This might be in - conflict with other options that affect the file mode, - like fsGroup, and the result can be other mode bits - set.' - type: int - path: - description: - - The relative path of the file to map the key to. May - not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: str - name: - description: - - Name of the referent. - type: str - downward_api: - description: - - DownwardAPI represents downward API about the pod that should - populate this volume - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. - Must be a value between 0 and 0777. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect - the file mode, like fsGroup, and the result can be other - mode bits set.' 
- type: int - items: - description: - - Items is a list of downward API volume file - type: list - contains: - field_ref: - description: - - 'Required: Selects a field of the pod: only annotations, - labels, name and namespace are supported.' - type: complex - contains: - api_version: - description: - - Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: str - field_path: - description: - - Path of the field to select in the specified API - version. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must be - a value between 0 and 0777. If not specified, the - volume defaultMode will be used. This might be in - conflict with other options that affect the file mode, - like fsGroup, and the result can be other mode bits - set.' - type: int - path: - description: - - "Required: Path is the relative path name of the file\ - \ to be created. Must not be absolute or contain the\ - \ '..' path. Must be utf-8 encoded. The first item\ - \ of the relative path must not start with '..'" - type: str - resource_field_ref: - description: - - 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' - type: complex - contains: - container_name: - description: - - 'Container name: required for volumes, optional - for env vars' - type: str - divisor: - description: - - Specifies the output format of the exposed resources, - defaults to "1" - type: complex - contains: {} - resource: - description: - - 'Required: resource to select' - type: str - empty_dir: - description: - - EmptyDir represents a temporary directory that shares a pod's - lifetime. - type: complex - contains: - medium: - description: - - What type of storage medium should back this directory. - The default is "" which means to use the node's default - medium. Must be an empty string (default) or Memory. 
- type: str - fc: - description: - - FC represents a Fibre Channel resource that is attached to - a kubelet's host machine and then exposed to the pod. - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - type: str - lun: - description: - - 'Required: FC target lun number' - type: int - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts.' - type: bool - target_ww_ns: - description: - - 'Required: FC target worldwide names (WWNs)' - type: list - contains: str - flex_volume: - description: - - FlexVolume represents a generic volume resource that is provisioned/attached - using an exec based plugin. This is an alpha feature and may - change in future. - type: complex - contains: - driver: - description: - - Driver is the name of the driver to use for this volume. - type: str - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on FlexVolume script. - type: str - options: - description: - - 'Optional: Extra command options if any.' - type: complex - contains: str, str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts.' - type: bool - secret_ref: - description: - - 'Optional: SecretRef is reference to the secret object - containing sensitive information to pass to the plugin - scripts. This may be empty if no secret object is specified. - If the secret object contains more than one secret, all - secrets are passed to the plugin scripts.' - type: complex - contains: - name: - description: - - Name of the referent. 
- type: str - flocker: - description: - - Flocker represents a Flocker volume attached to a kubelet's - host machine. This depends on the Flocker control service - being running - type: complex - contains: - dataset_name: - description: - - Name of the dataset stored as metadata -> name on the - dataset for Flocker should be considered as deprecated - type: str - dataset_uuid: - description: - - UUID of the dataset. This is unique identifier of a Flocker - dataset - type: str - gce_persistent_disk: - description: - - GCEPersistentDisk represents a GCE Disk resource that is attached - to a kubelet's host machine and then exposed to the pod. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified.' - type: str - partition: - description: - - 'The partition in the volume that you want to mount. If - omitted, the default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or - you can leave the property empty).' - type: int - pd_name: - description: - - Unique name of the PD resource in GCE. Used to identify - the disk in GCE. - type: str - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - git_repo: - description: - - GitRepo represents a git repository at a particular revision. - type: complex - contains: - directory: - description: - - Target directory name. Must not contain or start with - '..'. If '.' is supplied, the volume directory will be - the git repository. Otherwise, if specified, the volume - will contain the git repository in the subdirectory with - the given name. 
- type: str - repository: - description: - - Repository URL - type: str - revision: - description: - - Commit hash for the specified revision. - type: str - glusterfs: - description: - - Glusterfs represents a Glusterfs mount on the host that shares - a pod's lifetime. - type: complex - contains: - endpoints: - description: - - EndpointsName is the endpoint name that details Glusterfs - topology. - type: str - path: - description: - - Path is the Glusterfs volume path. - type: str - read_only: - description: - - ReadOnly here will force the Glusterfs volume to be mounted - with read-only permissions. Defaults to false. - type: bool - host_path: - description: - - HostPath represents a pre-existing file or directory on the - host machine that is directly exposed to the container. This - is generally used for system agents or other privileged things - that are allowed to see the host machine. Most containers - will NOT need this. - type: complex - contains: - path: - description: - - Path of the directory on the host. - type: str - iscsi: - description: - - ISCSI represents an ISCSI Disk resource that is attached to - a kubelet's host machine and then exposed to the pod. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified.' - type: str - iqn: - description: - - Target iSCSI Qualified Name. - type: str - iscsi_interface: - description: - - "Optional: Defaults to 'default' (tcp). iSCSI interface\ - \ name that uses an iSCSI transport." - type: str - lun: - description: - - iSCSI target lun number. - type: int - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - target_portal: - description: - - iSCSI target portal. 
The portal is either an IP or ip_addr:port - if the port is other than default (typically TCP ports - 860 and 3260). - type: str - name: - description: - - Volume's name. Must be a DNS_LABEL and unique within the pod. - type: str - nfs: - description: - - NFS represents an NFS mount on the host that shares a pod's - lifetime - type: complex - contains: - path: - description: - - Path that is exported by the NFS server. - type: str - read_only: - description: - - ReadOnly here will force the NFS export to be mounted - with read-only permissions. Defaults to false. - type: bool - server: - description: - - Server is the hostname or IP address of the NFS server. - type: str - persistent_volume_claim: - description: - - PersistentVolumeClaimVolumeSource represents a reference to - a PersistentVolumeClaim in the same namespace. - type: complex - contains: - claim_name: - description: - - ClaimName is the name of a PersistentVolumeClaim in the - same namespace as the pod using this volume. - type: str - read_only: - description: - - Will force the ReadOnly setting in VolumeMounts. Default - false. - type: bool - photon_persistent_disk: - description: - - PhotonPersistentDisk represents a PhotonController persistent - disk attached and mounted on kubelets host machine - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - type: str - pd_id: - description: - - ID that identifies Photon Controller persistent disk - type: str - quobyte: - description: - - Quobyte represents a Quobyte mount on the host that shares - a pod's lifetime - type: complex - contains: - group: - description: - - Group to map volume access to Default is no group - type: str - read_only: - description: - - ReadOnly here will force the Quobyte volume to be mounted - with read-only permissions. Defaults to false. 
- type: bool - registry: - description: - - Registry represents a single or multiple Quobyte Registry - services specified as a string as host:port pair (multiple - entries are separated with commas) which acts as the central - registry for volumes - type: str - user: - description: - - User to map volume access to Defaults to serivceaccount - user - type: str - volume: - description: - - Volume is a string that references an already created - Quobyte volume by name. - type: str - rbd: - description: - - RBD represents a Rados Block Device mount on the host that - shares a pod's lifetime. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified.' - type: str - image: - description: - - The rados image name. - type: str - keyring: - description: - - Keyring is the path to key ring for RBDUser. Default is - /etc/ceph/keyring. - type: str - monitors: - description: - - A collection of Ceph monitors. - type: list - contains: str - pool: - description: - - The rados pool name. Default is rbd. - type: str - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - secret_ref: - description: - - SecretRef is name of the authentication secret for RBDUser. - If provided overrides keyring. Default is nil. - type: complex - contains: - name: - description: - - Name of the referent. - type: str - user: - description: - - The rados user name. Default is admin. - type: str - secret: - description: - - Secret represents a secret that should populate this volume. - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. - Must be a value between 0 and 0777. Defaults to 0644. 
- Directories within the path are not affected by this setting. - This might be in conflict with other options that affect - the file mode, like fsGroup, and the result can be other - mode bits set.' - type: int - items: - description: - - If unspecified, each key-value pair in the Data field - of the referenced Secret will be projected into the volume - as a file whose name is the key and content is the value. - If specified, the listed keys will be projected into the - specified paths, and unlisted keys will not be present. - If a key is specified which is not present in the Secret, - the volume setup will error. Paths must be relative and - may not contain the '..' path or start with '..'. - type: list - contains: - key: - description: - - The key to project. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must be - a value between 0 and 0777. If not specified, the - volume defaultMode will be used. This might be in - conflict with other options that affect the file mode, - like fsGroup, and the result can be other mode bits - set.' - type: int - path: - description: - - The relative path of the file to map the key to. May - not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: str - secret_name: - description: - - Name of the secret in the pod's namespace to use. - type: str - vsphere_volume: - description: - - VsphereVolume represents a vSphere volume attached and mounted - on kubelets host machine - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - type: str - volume_path: - description: - - Path that identifies vSphere volume vmdk - type: str - status: - description: - - Most recently observed status of the Deployment. 
- type: complex - contains: - available_replicas: - description: - - Total number of available pods (ready for at least minReadySeconds) targeted - by this deployment. - type: int - conditions: - description: - - Represents the latest available observations of a deployment's current - state. - type: list - contains: - last_transition_time: - description: - - Last time the condition transitioned from one status to another. - type: complex - contains: {} - last_update_time: - description: - - The last time this condition was updated. - type: complex - contains: {} - message: - description: - - A human readable message indicating details about the transition. - type: str - reason: - description: - - The reason for the condition's last transition. - type: str - status: - description: - - Status of the condition, one of True, False, Unknown. - type: str - type: - description: - - Type of deployment condition. - type: str - observed_generation: - description: - - The generation observed by the deployment controller. - type: int - replicas: - description: - - Total number of non-terminated pods targeted by this deployment (their - labels match the selector). - type: int - unavailable_replicas: - description: - - Total number of unavailable pods targeted by this deployment. - type: int - updated_replicas: - description: - - Total number of non-terminated pods targeted by this deployment that have - the desired template spec. - type: int -''' - - -def main(): - try: - module = KubernetesAnsibleModule('deployment', 'V1beta1') - except KubernetesAnsibleException as exc: - # The helper failed to init, so there is no module object. All we can do is raise the error. - raise Exception(exc.message) - - try: - module.execute_module() - except KubernetesAnsibleException as exc: - module.fail_json(msg="Module failed!", error=str(exc)) - - -if __name__ == '__main__': - main() 
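Review bot: the lines removed here run through the end of main(), which built KubernetesAnsibleModule('deployment', 'V1beta1'), so after this change any playbook task that still calls the V1beta1 deployment module will fail at module lookup with nothing to say where it went. If the module was regenerated under a different name or API group, name the replacement in the commit message or changelog. If it was dropped without a replacement, state that explicitly so users who pin to this module know not to upgrade blindly.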
diff --git a/library/k8s_v1beta1_deployment_list.py b/library/k8s_v1beta1_deployment_list.py deleted file mode 100644 index 7fdc9a97..00000000 --- a/library/k8s_v1beta1_deployment_list.py +++ /dev/null 
@@ -1,2298 +0,0 @@ -#!/usr/bin/env python - -from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException - -DOCUMENTATION = ''' -module: k8s_v1beta1_deployment_list -short_description: Kubernetes DeploymentList -description: -- Retrieve a list of deployments. List operations provide a snapshot read of the underlying - objects, returning a resource_version representing a consistent version of the listed - objects. -version_added: 2.3.0 -author: OpenShift (@openshift) -options: - api_key: - description: - - Token used to connect to the API. - cert_file: - description: - - Path to a certificate used to authenticate with the API. - type: path - context: - description: - - The name of a context found in the Kubernetes config file. - debug: - description: - - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log - default: false - type: bool - force: - description: - - If set to C(True), and I(state) is C(present), an existing object will updated, - and lists will be replaced, rather than merged. - default: false - type: bool - host: - description: - - Provide a URL for acessing the Kubernetes API. - key_file: - description: - - Path to a key file used to authenticate with the API. - type: path - kubeconfig: - description: - - Path to an existing Kubernetes config file. If not provided, and no other connection - options are provided, the openshift client will attempt to load the default - configuration file from I(~/.kube/config.json). - type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. - password: - description: - - Provide a password for connecting to the API. Use in conjunction with I(username). 
- resource_definition: - description: - - Provide the YAML definition for the object, bypassing any modules parameters - intended to define object attributes. - type: dict - src: - description: - - Provide a path to a file containing the YAML definition of the object. Mutually - exclusive with I(resource_definition). - type: path - ssl_ca_cert: - description: - - Path to a CA certificate used to authenticate with the API. - type: path - state: - description: - - Determines if an object should be created, patched, or deleted. When set to - C(present), the object will be created, if it does not exist, or patched, if - parameter values differ from the existing object's attributes, and deleted, - if set to C(absent). A patch operation results in merging lists and updating - dictionaries, with lists being merged into a unique set of values. If a list - contains a dictionary with a I(name) or I(type) attribute, a strategic merge - is performed, where individual elements with a matching I(name_) or I(type) - are merged. To force the replacement of lists, set the I(force) option to C(True). - default: present - choices: - - present - - absent - username: - description: - - Provide a username for connecting to the API. - verify_ssl: - description: - - Whether or not to verify the API server's SSL certificates. - type: bool -requirements: -- kubernetes == 1.0.0 -''' - -EXAMPLES = ''' -''' - -RETURN = ''' -api_version: - type: string - description: Requested API version -deployment_list: - type: complex - returned: when I(state) = C(present) - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - type: str - items: - description: - - Items is the list of Deployments. 
- type: list - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, - and may reject unrecognized values. - type: str - kind: - description: - - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. In CamelCase. - type: str - metadata: - description: - - Standard object metadata. - type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource - that may be set by external tools to store and retrieve arbitrary - metadata. They are not queryable and should be preserved when modifying - objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This is used - to distinguish resources with same name and namespace in different - clusters. This field is not set anywhere right now and apiserver is - going to ignore it if set in create or update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. - It is represented in RFC3339 form and is in UTC. Populated by the - system. Read-only. Null for lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate - before it will be removed from the system. Only set when deletionTimestamp - is also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this resource - will be deleted. 
This field is set by the server when a graceful deletion - is requested by the user, and is not directly settable by a client. - The resource is expected to be deleted (no longer visible from resource - lists, and not reachable by name) after the time in this field. Once - set, this value may not be unset or be set further into the future, - although it may be shortened or the resource may be deleted prior - to this time. For example, a user may request that a pod is deleted - in 30 seconds. The Kubelet will react by sending a graceful termination - signal to the containers in the pod. After that 30 seconds, the Kubelet - will send a hard termination signal (SIGKILL) to the container and - after cleanup, remove the pod from the API. In the presence of network - partitions, this object may still exist after this timestamp, until - an administrator or automated process can determine the resource is - fully terminated. If not set, graceful deletion of the object has - not been requested. Populated by the system when a graceful deletion - is requested. Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. Each - entry is an identifier for the responsible component that will remove - the entry from the list. If the deletionTimestamp of the object is - non-nil, entries in this list can only be removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to generate - a unique name ONLY IF the Name field has not been provided. If this - field is used, the name returned to the client will be different than - the name passed. This value will also be combined with a unique suffix. - The provided value has the same validation rules as the Name field, - and may be truncated by the length of the suffix required to make - the value unique on the server. 
If this field is specified and the - generated name exists, the server will NOT return a 409 - instead, - it will either return 201 Created or 500 with Reason ServerTimeout - indicating a unique name could not be found in the time allotted, - and the client should retry (optionally after the time indicated in - the Retry-After header). Applied only if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the desired - state. Populated by the system. Read-only. - type: int - labels: - description: - - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating - resources, although some resources may allow a client to request the - generation of an appropriate name automatically. Name is primarily - intended for creation idempotence and configuration definition. Cannot - be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. An empty - namespace is equivalent to the "default" namespace, but "default" - is the canonical representation. Not all objects are required to be - scoped to a namespace - the value of this field for those objects - will be empty. Must be a DNS_LABEL. Cannot be updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in the list - have been deleted, this object will be garbage collected. If this - object is managed by a controller, then an entry in this list will - point to this controller, with the controller field set to true. There - cannot be more than one managing controller. - type: list - contains: - api_version: - description: - - API version of the referent. 
- type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this object - that can be used by clients to determine when objects have changed. - May be used for optimistic concurrency, change detection, and the - watch operation on a resource or set of resources. Clients must treat - these values as opaque and passed unmodified back to the server. They - may only be valid for a particular resource or set of resources. Populated - by the system. Read-only. Value must be treated as opaque by clients - and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. - Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. It is typically - generated by the server on successful creation of a resource and is - not allowed to change on PUT operations. Populated by the system. - Read-only. - type: str - spec: - description: - - Specification of the desired behavior of the Deployment. - type: complex - contains: - min_ready_seconds: - description: - - Minimum number of seconds for which a newly created pod should be - ready without any of its container crashing, for it to be considered - available. Defaults to 0 (pod will be considered available as soon - as it is ready) - type: int - paused: - description: - - Indicates that the deployment is paused and will not be processed - by the deployment controller. - type: bool - progress_deadline_seconds: - description: - - The maximum time in seconds for a deployment to make progress before - it is considered to be failed. 
The deployment controller will continue - to process failed deployments and a condition with a ProgressDeadlineExceeded - reason will be surfaced in the deployment status. Once autoRollback - is implemented, the deployment controller will automatically rollback - failed deployments. Note that progress will not be estimated during - the time a deployment is paused. This is not set by default. - type: int - replicas: - description: - - Number of desired pods. This is a pointer to distinguish between explicit - zero and not specified. Defaults to 1. - type: int - revision_history_limit: - description: - - The number of old ReplicaSets to retain to allow rollback. This is - a pointer to distinguish between explicit zero and not specified. - type: int - rollback_to: - description: - - The config this deployment is rolling back to. Will be cleared after - rollback is done. - type: complex - contains: - revision: - description: - - The revision to rollback to. If set to 0, rollbck to the last - revision. - type: int - selector: - description: - - Label selector for pods. Existing ReplicaSets whose pods are selected - by this will be the ones affected by this deployment. - type: complex - contains: - match_expressions: - description: - - matchExpressions is a list of label selector requirements. The - requirements are ANDed. - type: list - contains: - key: - description: - - key is the label key that the selector applies to. - type: str - operator: - description: - - operator represents a key's relationship to a set of values. - Valid operators ard In, NotIn, Exists and DoesNotExist. - type: str - values: - description: - - values is an array of string values. If the operator is In - or NotIn, the values array must be non-empty. If the operator - is Exists or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge patch. - type: list - contains: str - match_labels: - description: - - matchLabels is a map of {key,value} pairs. 
A single {key,value} - in the matchLabels map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", and the values - array contains only "value". The requirements are ANDed. - type: complex - contains: str, str - strategy: - description: - - The deployment strategy to use to replace existing pods with new ones. - type: complex - contains: - rolling_update: - description: - - Rolling update config params. Present only if DeploymentStrategyType - = RollingUpdate. - type: complex - contains: - max_surge: - description: - - 'The maximum number of pods that can be scheduled above the - desired number of pods. Value can be an absolute number (ex: - 5) or a percentage of desired pods (ex: 10%). This can not - be 0 if MaxUnavailable is 0. Absolute number is calculated - from percentage by rounding up. By default, a value of 1 is - used. Example: when this is set to 30%, the new RC can be - scaled up immediately when the rolling update starts, such - that the total number of old and new pods do not exceed 130% - of desired pods. Once old pods have been killed, new RC can - be scaled up further, ensuring that total number of pods running - at any time during the update is atmost 130% of desired pods.' - type: complex - contains: {} - max_unavailable: - description: - - 'The maximum number of pods that can be unavailable during - the update. Value can be an absolute number (ex: 5) or a percentage - of desired pods (ex: 10%). Absolute number is calculated from - percentage by rounding up. This can not be 0 if MaxSurge is - 0. By default, a fixed value of 1 is used. Example: when this - is set to 30%, the old RC can be scaled down to 70% of desired - pods immediately when the rolling update starts. Once new - pods are ready, old RC can be scaled down further, followed - by scaling up the new RC, ensuring that the total number of - pods available at all times during the update is at least - 70% of desired pods.' 
- type: complex - contains: {} - type: - description: - - Type of deployment. Can be "Recreate" or "RollingUpdate". Default - is RollingUpdate. - type: str - template: - description: - - Template describes the pods that will be created. - type: complex - contains: - metadata: - description: - - Standard object's metadata. - type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a - resource that may be set by external tools to store and retrieve - arbitrary metadata. They are not queryable and should be preserved - when modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This - is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right - now and apiserver is going to ignore it if set in create or - update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set - in happens-before order across separate operations. Clients - may not set this value. It is represented in RFC3339 form - and is in UTC. Populated by the system. Read-only. Null for - lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate - before it will be removed from the system. Only set when deletionTimestamp - is also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this - resource will be deleted. This field is set by the server - when a graceful deletion is requested by the user, and is - not directly settable by a client. The resource is expected - to be deleted (no longer visible from resource lists, and - not reachable by name) after the time in this field. 
Once - set, this value may not be unset or be set further into the - future, although it may be shortened or the resource may be - deleted prior to this time. For example, a user may request - that a pod is deleted in 30 seconds. The Kubelet will react - by sending a graceful termination signal to the containers - in the pod. After that 30 seconds, the Kubelet will send a - hard termination signal (SIGKILL) to the container and after - cleanup, remove the pod from the API. In the presence of network - partitions, this object may still exist after this timestamp, - until an administrator or automated process can determine - the resource is fully terminated. If not set, graceful deletion - of the object has not been requested. Populated by the system - when a graceful deletion is requested. Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. - Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be - removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to - generate a unique name ONLY IF the Name field has not been - provided. If this field is used, the name returned to the - client will be different than the name passed. This value - will also be combined with a unique suffix. The provided value - has the same validation rules as the Name field, and may be - truncated by the length of the suffix required to make the - value unique on the server. If this field is specified and - the generated name exists, the server will NOT return a 409 - - instead, it will either return 201 Created or 500 with Reason - ServerTimeout indicating a unique name could not be found - in the time allotted, and the client should retry (optionally - after the time indicated in the Retry-After header). 
Applied - only if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the - desired state. Populated by the system. Read-only. - type: int - labels: - description: - - Map of string keys and values that can be used to organize - and categorize (scope and select) objects. May match selectors - of replication controllers and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating - resources, although some resources may allow a client to request - the generation of an appropriate name automatically. Name - is primarily intended for creation idempotence and configuration - definition. Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. - An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this - field for those objects will be empty. Must be a DNS_LABEL. - Cannot be updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in - the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in - this list will point to this controller, with the controller - field set to true. There cannot be more than one managing - controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. 
- type: str - resource_version: - description: - - An opaque value that represents the internal version of this - object that can be used by clients to determine when objects - have changed. May be used for optimistic concurrency, change - detection, and the watch operation on a resource or set of - resources. Clients must treat these values as opaque and passed - unmodified back to the server. They may only be valid for - a particular resource or set of resources. Populated by the - system. Read-only. Value must be treated as opaque by clients - and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the - system. Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. - It is typically generated by the server on successful creation - of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. - type: str - spec: - description: - - Specification of the desired behavior of the pod. - type: complex - contains: - active_deadline_seconds: - description: - - Optional duration in seconds the pod may be active on the - node relative to StartTime before the system will actively - try to mark it failed and kill associated containers. Value - must be a positive integer. - type: int - containers: - description: - - List of containers belonging to the pod. Containers cannot - currently be added or removed. There must be at least one - container in a Pod. Cannot be updated. - type: list - contains: - args: - description: - - "Arguments to the entrypoint. The docker image's CMD is\ - \ used if this is not provided. Variable references $(VAR_NAME)\ - \ are expanded using the container's environment. If a\ - \ variable cannot be resolved, the reference in the input\ - \ string will be unchanged. The $(VAR_NAME) syntax can\ - \ be escaped with a double $$, ie: $$(VAR_NAME). 
Escaped\ - \ references will never be expanded, regardless of whether\ - \ the variable exists or not. Cannot be updated." - type: list - contains: str - command: - description: - - "Entrypoint array. Not executed within a shell. The docker\ - \ image's ENTRYPOINT is used if this is not provided.\ - \ Variable references $(VAR_NAME) are expanded using the\ - \ container's environment. If a variable cannot be resolved,\ - \ the reference in the input string will be unchanged.\ - \ The $(VAR_NAME) syntax can be escaped with a double\ - \ $$, ie: $$(VAR_NAME). Escaped references will never\ - \ be expanded, regardless of whether the variable exists\ - \ or not. Cannot be updated." - type: list - contains: str - env: - description: - - List of environment variables to set in the container. - Cannot be updated. - type: list - contains: - name: - description: - - Name of the environment variable. Must be a C_IDENTIFIER. - type: str - value: - description: - - 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the - container and any service environment variables. If - a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to - "".' - type: str - value_from: - description: - - Source for the environment variable's value. Cannot - be used if value is not empty. - type: complex - contains: - config_map_key_ref: - description: - - Selects a key of a ConfigMap. - type: complex - contains: - key: - description: - - The key to select. - type: str - name: - description: - - Name of the referent. - type: str - field_ref: - description: - - 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' 
- type: complex - contains: - api_version: - description: - - Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: str - field_path: - description: - - Path of the field to select in the specified - API version. - type: str - resource_field_ref: - description: - - 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) are currently - supported.' - type: complex - contains: - container_name: - description: - - 'Container name: required for volumes, optional - for env vars' - type: str - divisor: - description: - - Specifies the output format of the exposed - resources, defaults to "1" - type: complex - contains: {} - resource: - description: - - 'Required: resource to select' - type: str - secret_key_ref: - description: - - Selects a key of a secret in the pod's namespace - type: complex - contains: - key: - description: - - The key of the secret to select from. Must - be a valid secret key. - type: str - name: - description: - - Name of the referent. - type: str - image: - description: - - Docker image name. - type: str - image_pull_policy: - description: - - Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. - type: str - lifecycle: - description: - - Actions that the management system should take in response - to container lifecycle events. Cannot be updated. - type: complex - contains: - post_start: - description: - - PostStart is called immediately after a container - is created. If the handler fails, the container is - terminated and restarted according to its restart - policy. Other management of the container blocks until - the hook completes. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. 
- type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run - inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you - need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - type: list - contains: str - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod - IP. You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP - allows repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the - container. Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. - Defaults to HTTP. - type: str - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the - container. Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} - pre_stop: - description: - - PreStop is called immediately before a container is - terminated. The container is terminated after the - handler completes. The reason for termination is passed - to the handler. Regardless of the outcome of the handler, - the container is eventually terminated. 
Other management - of the container blocks until the hook completes. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run - inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you - need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - type: list - contains: str - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod - IP. You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP - allows repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the - container. Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. - Defaults to HTTP. - type: str - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the - container. Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} - liveness_probe: - description: - - Periodic probe of container liveness. 
Container will be - restarted if the probe fails. Cannot be updated. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the command - is root ('/') in the container's filesystem. The - command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - type: list - contains: str - failure_threshold: - description: - - Minimum consecutive failures for the probe to be considered - failed after having succeeded. Defaults to 3. Minimum - value is 1. - type: int - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. - You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - initial_delay_seconds: - description: - - Number of seconds after the container has started - before liveness probes are initiated. - type: int - period_seconds: - description: - - How often (in seconds) to perform the probe. 
Default - to 10 seconds. Minimum value is 1. - type: int - success_threshold: - description: - - Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - type: int - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - timeout_seconds: - description: - - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - type: int - name: - description: - - Name of the container specified as a DNS_LABEL. Each container - in a pod must have a unique name (DNS_LABEL). Cannot be - updated. - type: str - ports: - description: - - List of ports to expose from the container. Exposing a - port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will - be accessible from the network. Cannot be updated. - type: list - contains: - container_port: - description: - - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - type: int - host_ip: - description: - - What host IP to bind the external port to. - type: str - host_port: - description: - - Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If - HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - type: int - name: - description: - - If specified, this must be an IANA_SVC_NAME and unique - within the pod. 
Each named port in a pod must have - a unique name. Name for the port that can be referred - to by services. - type: str - protocol: - description: - - Protocol for port. Must be UDP or TCP. Defaults to - "TCP". - type: str - readiness_probe: - description: - - Periodic probe of container service readiness. Container - will be removed from service endpoints if the probe fails. - Cannot be updated. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the command - is root ('/') in the container's filesystem. The - command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - type: list - contains: str - failure_threshold: - description: - - Minimum consecutive failures for the probe to be considered - failed after having succeeded. Defaults to 3. Minimum - value is 1. - type: int - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. - You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. 
- type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - initial_delay_seconds: - description: - - Number of seconds after the container has started - before liveness probes are initiated. - type: int - period_seconds: - description: - - How often (in seconds) to perform the probe. Default - to 10 seconds. Minimum value is 1. - type: int - success_threshold: - description: - - Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - type: int - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - timeout_seconds: - description: - - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - type: int - resources: - description: - - Compute Resources required by this container. Cannot be - updated. - type: complex - contains: - limits: - description: - - Limits describes the maximum amount of compute resources - allowed. - type: complex - contains: str, ResourceQuantity - requests: - description: - - Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. - type: complex - contains: str, ResourceQuantity - security_context: - description: - - Security options the pod should run with. - type: complex - contains: - capabilities: - description: - - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted - by the container runtime. 
- type: complex - contains: - add: - description: - - Added capabilities - type: list - contains: str - drop: - description: - - Removed capabilities - type: list - contains: str - privileged: - description: - - Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the - host. Defaults to false. - type: bool - read_only_root_filesystem: - description: - - Whether this container has a read-only root filesystem. - Default is false. - type: bool - run_as_non_root: - description: - - Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image - at runtime to ensure that it does not run as UID 0 - (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: bool - run_as_user: - description: - - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: int - se_linux_options: - description: - - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate - a random SELinux context for each container. May also - be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: complex - contains: - level: - description: - - Level is SELinux level label that applies to the - container. - type: str - role: - description: - - Role is a SELinux role label that applies to the - container. - type: str - type: - description: - - Type is a SELinux type label that applies to the - container. 
- type: str - user: - description: - - User is a SELinux user label that applies to the - container. - type: str - stdin: - description: - - Whether this container should allocate a buffer for stdin - in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default - is false. - type: bool - stdin_once: - description: - - Whether the container runtime should close the stdin channel - after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple - attach sessions. If stdinOnce is set to true, stdin is - opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If - this flag is false, a container processes that reads from - stdin will never receive an EOF. Default is false - type: bool - termination_message_path: - description: - - "Optional: Path at which the file to which the container's\ - \ termination message will be written is mounted into\ - \ the container's filesystem. Message written is intended\ - \ to be brief final status, such as an assertion failure\ - \ message. Defaults to /dev/termination-log. Cannot be\ - \ updated." - type: str - tty: - description: - - Whether this container should allocate a TTY for itself, - also requires 'stdin' to be true. Default is false. - type: bool - volume_mounts: - description: - - Pod volumes to mount into the container's filesystem. - Cannot be updated. - type: list - contains: - mount_path: - description: - - Path within the container at which the volume should - be mounted. Must not contain ':'. - type: str - name: - description: - - This must match the Name of a Volume. - type: str - read_only: - description: - - Mounted read-only if true, read-write otherwise (false - or unspecified). Defaults to false. 
- type: bool - sub_path: - description: - - Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's - root). - type: str - working_dir: - description: - - Container's working directory. If not specified, the container - runtime's default will be used, which might be configured - in the container image. Cannot be updated. - type: str - dns_policy: - description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". - type: str - host_ipc: - description: - - "Use the host's ipc namespace. Optional: Default to false." - type: bool - host_network: - description: - - Host networking requested for this pod. Use the host's network - namespace. If this option is set, the ports that will be used - must be specified. Default to false. - type: bool - host_pid: - description: - - "Use the host's pid namespace. Optional: Default to false." - type: bool - hostname: - description: - - Specifies the hostname of the Pod If not specified, the pod's - hostname will be set to a system-defined value. - type: str - image_pull_secrets: - description: - - ImagePullSecrets is an optional list of references to secrets - in the same namespace to use for pulling any of the images - used by this PodSpec. If specified, these secrets will be - passed to individual puller implementations for them to use. - For example, in the case of docker, only DockerConfig type - secrets are honored. - type: list - contains: - name: - description: - - Name of the referent. - type: str - node_name: - description: - - NodeName is a request to schedule this pod onto a specific - node. If it is non-empty, the scheduler simply schedules this - pod onto that node, assuming that it fits resource requirements. - type: str - node_selector: - description: - - NodeSelector is a selector which must be true for the pod - to fit on a node. 
Selector which must match a node's labels - for the pod to be scheduled on that node. - type: complex - contains: str, str - restart_policy: - description: - - Restart policy for all containers within the pod. One of Always, - OnFailure, Never. Default to Always. - type: str - security_context: - description: - - 'SecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type - description for default values of each field.' - type: complex - contains: - fs_group: - description: - - "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change\ - \ the ownership of that volume to be owned by the pod:\ - \ 1. The owning GID will be the FSGroup 2. The setgid\ - \ bit is set (new files created in the volume will be\ - \ owned by FSGroup) 3. The permission bits are OR'd with\ - \ rw-rw---- If unset, the Kubelet will not modify the\ - \ ownership and permissions of any volume." - type: int - run_as_non_root: - description: - - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, - no such validation will be performed. May also be set - in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: bool - run_as_user: - description: - - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - type: int - se_linux_options: - description: - - The SELinux context to be applied to all containers. 
If - unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence - for that container. - type: complex - contains: - level: - description: - - Level is SELinux level label that applies to the container. - type: str - role: - description: - - Role is a SELinux role label that applies to the container. - type: str - type: - description: - - Type is a SELinux type label that applies to the container. - type: str - user: - description: - - User is a SELinux user label that applies to the container. - type: str - supplemental_groups: - description: - - A list of groups applied to the first process run in each - container, in addition to the container's primary GID. - If unspecified, no groups will be added to any container. - type: list - contains: int - service_account: - description: - - 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. - Deprecated: Use serviceAccountName instead.' - type: str - service_account_name: - description: - - ServiceAccountName is the name of the ServiceAccount to use - to run this pod. - type: str - subdomain: - description: - - If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod - will not have a domainname at all. - type: str - termination_grace_period_seconds: - description: - - Optional duration in seconds the pod needs to terminate gracefully. - May be decreased in delete request. Value must be non-negative - integer. The value zero indicates delete immediately. If this - value is nil, the default grace period will be used instead. - The grace period is the duration in seconds after the processes - running in the pod are sent a termination signal and the time - when the processes are forcibly halted with a kill signal. 
- Set this value longer than the expected cleanup time for your - process. Defaults to 30 seconds. - type: int - volumes: - description: - - List of volumes that can be mounted by containers belonging - to the pod. - type: list - contains: - aws_elastic_block_store: - description: - - AWSElasticBlockStore represents an AWS Disk resource that - is attached to a kubelet's host machine and then exposed - to the pod. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified.' - type: str - partition: - description: - - 'The partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for /dev/sda - is "0" (or you can leave the property empty).' - type: int - read_only: - description: - - Specify "true" to force and set the ReadOnly property - in VolumeMounts to "true". If omitted, the default - is "false". - type: bool - volume_id: - description: - - Unique ID of the persistent disk resource in AWS (Amazon - EBS volume). - type: str - azure_disk: - description: - - AzureDisk represents an Azure Data Disk mount on the host - and bind mount to the pod. - type: complex - contains: - caching_mode: - description: - - 'Host Caching mode: None, Read Only, Read Write.' - type: str - disk_name: - description: - - The Name of the data disk in the blob storage - type: str - disk_uri: - description: - - The URI the data disk in the blob storage - type: str - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. 
- type: str - read_only: - description: - - Defaults to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - type: bool - azure_file: - description: - - AzureFile represents an Azure File Service mount on the - host and bind mount to the pod. - type: complex - contains: - read_only: - description: - - Defaults to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - type: bool - secret_name: - description: - - the name of secret that contains Azure Storage Account - Name and Key - type: str - share_name: - description: - - Share Name - type: str - cephfs: - description: - - CephFS represents a Ceph FS mount on the host that shares - a pod's lifetime - type: complex - contains: - monitors: - description: - - 'Required: Monitors is a collection of Ceph monitors' - type: list - contains: str - path: - description: - - 'Optional: Used as the mounted root, rather than the - full Ceph tree, default is /' - type: str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: bool - secret_file: - description: - - 'Optional: SecretFile is the path to key ring for - User, default is /etc/ceph/user.secret' - type: str - secret_ref: - description: - - 'Optional: SecretRef is reference to the authentication - secret for User, default is empty.' - type: complex - contains: - name: - description: - - Name of the referent. - type: str - user: - description: - - 'Optional: User is the rados user name, default is - admin' - type: str - cinder: - description: - - Cinder represents a cinder volume attached and mounted - on kubelets host machine - type: complex - contains: - fs_type: - description: - - 'Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified.' 
- type: str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: bool - volume_id: - description: - - volume id used to identify the volume in cinder - type: str - config_map: - description: - - ConfigMap represents a configMap that should populate - this volume - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. - Must be a value between 0 and 0777. Defaults to 0644. - Directories within the path are not affected by this - setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - type: int - items: - description: - - If unspecified, each key-value pair in the Data field - of the referenced ConfigMap will be projected into - the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys - will not be present. If a key is specified which is - not present in the ConfigMap, the volume setup will - error. Paths must be relative and may not contain - the '..' path or start with '..'. - type: list - contains: - key: - description: - - The key to project. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result can - be other mode bits set.' - type: int - path: - description: - - The relative path of the file to map the key to. - May not be an absolute path. May not contain the - path element '..'. May not start with the string - '..'. - type: str - name: - description: - - Name of the referent. 
- type: str - downward_api: - description: - - DownwardAPI represents downward API about the pod that - should populate this volume - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. - Must be a value between 0 and 0777. Defaults to 0644. - Directories within the path are not affected by this - setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - type: int - items: - description: - - Items is a list of downward API volume file - type: list - contains: - field_ref: - description: - - 'Required: Selects a field of the pod: only annotations, - labels, name and namespace are supported.' - type: complex - contains: - api_version: - description: - - Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: str - field_path: - description: - - Path of the field to select in the specified - API version. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result can - be other mode bits set.' - type: int - path: - description: - - "Required: Path is the relative path name of the\ - \ file to be created. Must not be absolute or\ - \ contain the '..' path. Must be utf-8 encoded.\ - \ The first item of the relative path must not\ - \ start with '..'" - type: str - resource_field_ref: - description: - - 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) are currently - supported.' 
- type: complex - contains: - container_name: - description: - - 'Container name: required for volumes, optional - for env vars' - type: str - divisor: - description: - - Specifies the output format of the exposed - resources, defaults to "1" - type: complex - contains: {} - resource: - description: - - 'Required: resource to select' - type: str - empty_dir: - description: - - EmptyDir represents a temporary directory that shares - a pod's lifetime. - type: complex - contains: - medium: - description: - - What type of storage medium should back this directory. - The default is "" which means to use the node's default - medium. Must be an empty string (default) or Memory. - type: str - fc: - description: - - FC represents a Fibre Channel resource that is attached - to a kubelet's host machine and then exposed to the pod. - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: str - lun: - description: - - 'Required: FC target lun number' - type: int - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: bool - target_ww_ns: - description: - - 'Required: FC target worldwide names (WWNs)' - type: list - contains: str - flex_volume: - description: - - FlexVolume represents a generic volume resource that is - provisioned/attached using an exec based plugin. This - is an alpha feature and may change in future. - type: complex - contains: - driver: - description: - - Driver is the name of the driver to use for this volume. - type: str - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. 
- type: str - options: - description: - - 'Optional: Extra command options if any.' - type: complex - contains: str, str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: bool - secret_ref: - description: - - 'Optional: SecretRef is reference to the secret object - containing sensitive information to pass to the plugin - scripts. This may be empty if no secret object is - specified. If the secret object contains more than - one secret, all secrets are passed to the plugin scripts.' - type: complex - contains: - name: - description: - - Name of the referent. - type: str - flocker: - description: - - Flocker represents a Flocker volume attached to a kubelet's - host machine. This depends on the Flocker control service - being running - type: complex - contains: - dataset_name: - description: - - Name of the dataset stored as metadata -> name on - the dataset for Flocker should be considered as deprecated - type: str - dataset_uuid: - description: - - UUID of the dataset. This is unique identifier of - a Flocker dataset - type: str - gce_persistent_disk: - description: - - GCEPersistentDisk represents a GCE Disk resource that - is attached to a kubelet's host machine and then exposed - to the pod. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified.' - type: str - partition: - description: - - 'The partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for /dev/sda - is "0" (or you can leave the property empty).' - type: int - pd_name: - description: - - Unique name of the PD resource in GCE. 
Used to identify - the disk in GCE. - type: str - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - git_repo: - description: - - GitRepo represents a git repository at a particular revision. - type: complex - contains: - directory: - description: - - Target directory name. Must not contain or start with - '..'. If '.' is supplied, the volume directory will - be the git repository. Otherwise, if specified, the - volume will contain the git repository in the subdirectory - with the given name. - type: str - repository: - description: - - Repository URL - type: str - revision: - description: - - Commit hash for the specified revision. - type: str - glusterfs: - description: - - Glusterfs represents a Glusterfs mount on the host that - shares a pod's lifetime. - type: complex - contains: - endpoints: - description: - - EndpointsName is the endpoint name that details Glusterfs - topology. - type: str - path: - description: - - Path is the Glusterfs volume path. - type: str - read_only: - description: - - ReadOnly here will force the Glusterfs volume to be - mounted with read-only permissions. Defaults to false. - type: bool - host_path: - description: - - HostPath represents a pre-existing file or directory on - the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most - containers will NOT need this. - type: complex - contains: - path: - description: - - Path of the directory on the host. - type: str - iscsi: - description: - - ISCSI represents an ISCSI Disk resource that is attached - to a kubelet's host machine and then exposed to the pod. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". 
Implicitly inferred to be "ext4" if unspecified.' - type: str - iqn: - description: - - Target iSCSI Qualified Name. - type: str - iscsi_interface: - description: - - "Optional: Defaults to 'default' (tcp). iSCSI interface\ - \ name that uses an iSCSI transport." - type: str - lun: - description: - - iSCSI target lun number. - type: int - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - target_portal: - description: - - iSCSI target portal. The portal is either an IP or - ip_addr:port if the port is other than default (typically - TCP ports 860 and 3260). - type: str - name: - description: - - Volume's name. Must be a DNS_LABEL and unique within the - pod. - type: str - nfs: - description: - - NFS represents an NFS mount on the host that shares a - pod's lifetime - type: complex - contains: - path: - description: - - Path that is exported by the NFS server. - type: str - read_only: - description: - - ReadOnly here will force the NFS export to be mounted - with read-only permissions. Defaults to false. - type: bool - server: - description: - - Server is the hostname or IP address of the NFS server. - type: str - persistent_volume_claim: - description: - - PersistentVolumeClaimVolumeSource represents a reference - to a PersistentVolumeClaim in the same namespace. - type: complex - contains: - claim_name: - description: - - ClaimName is the name of a PersistentVolumeClaim in - the same namespace as the pod using this volume. - type: str - read_only: - description: - - Will force the ReadOnly setting in VolumeMounts. Default - false. - type: bool - photon_persistent_disk: - description: - - PhotonPersistentDisk represents a PhotonController persistent - disk attached and mounted on kubelets host machine - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". 
Implicitly inferred to be "ext4" if - unspecified. - type: str - pd_id: - description: - - ID that identifies Photon Controller persistent disk - type: str - quobyte: - description: - - Quobyte represents a Quobyte mount on the host that shares - a pod's lifetime - type: complex - contains: - group: - description: - - Group to map volume access to Default is no group - type: str - read_only: - description: - - ReadOnly here will force the Quobyte volume to be - mounted with read-only permissions. Defaults to false. - type: bool - registry: - description: - - Registry represents a single or multiple Quobyte Registry - services specified as a string as host:port pair (multiple - entries are separated with commas) which acts as the - central registry for volumes - type: str - user: - description: - - User to map volume access to Defaults to serivceaccount - user - type: str - volume: - description: - - Volume is a string that references an already created - Quobyte volume by name. - type: str - rbd: - description: - - RBD represents a Rados Block Device mount on the host - that shares a pod's lifetime. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified.' - type: str - image: - description: - - The rados image name. - type: str - keyring: - description: - - Keyring is the path to key ring for RBDUser. Default - is /etc/ceph/keyring. - type: str - monitors: - description: - - A collection of Ceph monitors. - type: list - contains: str - pool: - description: - - The rados pool name. Default is rbd. - type: str - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - secret_ref: - description: - - SecretRef is name of the authentication secret for - RBDUser. 
If provided overrides keyring. Default is - nil. - type: complex - contains: - name: - description: - - Name of the referent. - type: str - user: - description: - - The rados user name. Default is admin. - type: str - secret: - description: - - Secret represents a secret that should populate this volume. - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. - Must be a value between 0 and 0777. Defaults to 0644. - Directories within the path are not affected by this - setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - type: int - items: - description: - - If unspecified, each key-value pair in the Data field - of the referenced Secret will be projected into the - volume as a file whose name is the key and content - is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys - will not be present. If a key is specified which is - not present in the Secret, the volume setup will error. - Paths must be relative and may not contain the '..' - path or start with '..'. - type: list - contains: - key: - description: - - The key to project. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result can - be other mode bits set.' - type: int - path: - description: - - The relative path of the file to map the key to. - May not be an absolute path. May not contain the - path element '..'. May not start with the string - '..'. - type: str - secret_name: - description: - - Name of the secret in the pod's namespace to use. 
- type: str - vsphere_volume: - description: - - VsphereVolume represents a vSphere volume attached and - mounted on kubelets host machine - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: str - volume_path: - description: - - Path that identifies vSphere volume vmdk - type: str - status: - description: - - Most recently observed status of the Deployment. - type: complex - contains: - available_replicas: - description: - - Total number of available pods (ready for at least minReadySeconds) - targeted by this deployment. - type: int - conditions: - description: - - Represents the latest available observations of a deployment's current - state. - type: list - contains: - last_transition_time: - description: - - Last time the condition transitioned from one status to another. - type: complex - contains: {} - last_update_time: - description: - - The last time this condition was updated. - type: complex - contains: {} - message: - description: - - A human readable message indicating details about the transition. - type: str - reason: - description: - - The reason for the condition's last transition. - type: str - status: - description: - - Status of the condition, one of True, False, Unknown. - type: str - type: - description: - - Type of deployment condition. - type: str - observed_generation: - description: - - The generation observed by the deployment controller. - type: int - replicas: - description: - - Total number of non-terminated pods targeted by this deployment (their - labels match the selector). - type: int - unavailable_replicas: - description: - - Total number of unavailable pods targeted by this deployment. - type: int - updated_replicas: - description: - - Total number of non-terminated pods targeted by this deployment that - have the desired template spec. 
- type: int - kind: - description: - - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. - type: str - metadata: - description: - - Standard list metadata. - type: complex - contains: - resource_version: - description: - - String that identifies the server's internal version of this object that - can be used by clients to determine when objects have changed. Value must - be treated as opaque by clients and passed unmodified back to the server. - Populated by the system. Read-only. - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. Read-only. - type: str -''' - - -def main(): - try: - module = KubernetesAnsibleModule('deployment_list', 'V1beta1') - except KubernetesAnsibleException as exc: - # The helper failed to init, so there is no module object. All we can do is raise the error. - raise Exception(exc.message) - - try: - module.execute_module() - except KubernetesAnsibleException as exc: - module.fail_json(msg="Module failed!", error=str(exc)) - - -if __name__ == '__main__': - main() diff --git a/library/k8s_v1beta1_eviction.py b/library/k8s_v1beta1_eviction.py index 32b041c3..c19cc0dd 100644 --- a/library/k8s_v1beta1_eviction.py +++ b/library/k8s_v1beta1_eviction.py @@ -57,8 +57,10 @@ options: - kind delete_options_orphan_dependents: description: - - Should the dependent objects be orphaned. If true/false, the "orphan" finalizer - will be added to/removed from the object's finalizers list. + - "Deprecated: please use the PropagationPolicy, this field will be deprecated\ + \ in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\"\ + \ finalizer will be added to/removed from the object's finalizers list. Either\ + \ this field or PropagationPolicy may be set, but not both." aliases: - orphan_dependents type: bool 
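Review bot: the new description of delete_options_orphan_dependents (the @@ -57,8 +57,10 @@ hunk in k8s_v1beta1_eviction.py) contradicts itself and names the wrong thing. It opens with "Deprecated:" and then says "this field will be deprecated in 1.7", and it sends users to "PropagationPolicy", the API field name, not the module option delete_options_propagation_policy that the next hunk adds. Suggest stating the deprecation once and referring to the option as I(delete_options_propagation_policy). The text also says the two may not be set together, but nothing in this hunk shows the module rejecting that combination; if it does not, declare the two options mutually exclusive in the argument spec so the conflict is caught before the request reaches the API server.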
@@ -67,6 +69,13 @@ options: - Specifies the target UID. aliases: - uid + delete_options_propagation_policy: + description: + - Whether and how garbage collection will be performed. Either this field or OrphanDependents + may be set, but not both. The default policy is decided by the existing finalizer + set in the metadata.finalizers and the resource-specific default policy. + aliases: + - propagation_policy force: description: - If set to C(True), and I(state) is C(present), an existing object will updated, @@ -118,7 +127,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' @@ -165,8 +174,10 @@ eviction: type: str orphan_dependents: description: - - Should the dependent objects be orphaned. If true/false, the "orphan" - finalizer will be added to/removed from the object's finalizers list. + - "Deprecated: please use the PropagationPolicy, this field will be deprecated\ + \ in 1.7. Should the dependent objects be orphaned. If true/false, the\ + \ \"orphan\" finalizer will be added to/removed from the object's finalizers\ + \ list. Either this field or PropagationPolicy may be set, but not both." type: bool preconditions: description: @@ -178,6 +189,13 @@ eviction: description: - Specifies the target UID. type: str + propagation_policy: + description: + - Whether and how garbage collection will be performed. Either this field + or OrphanDependents may be set, but not both. The default policy is decided + by the existing finalizer set in the metadata.finalizers and the resource-specific + default policy. + type: str kind: description: - Kind is a string value representing the REST resource this object represents. 
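Review bot: propagation_policy is documented inconsistently between the option and the return value, and neither place lists the accepted values. The returned field added at @@ -178,6 +189,13 @@ declares "type: str", while the delete_options_propagation_policy option added at @@ -67,6 +69,13 @@ has only a description and aliases, with no type. "Whether and how garbage collection will be performed" does not tell a playbook author what to pass. Suggest adding "type: str" to the option and naming the permitted policy strings in both descriptions, since this setting decides whether dependents are deleted or left behind.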
@@ -265,6 +283,150 @@ eviction: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -300,6 +462,14 @@ eviction: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1beta1_ingress.py b/library/k8s_v1beta1_ingress.py index b955d128..59c97ea9 100644 --- a/library/k8s_v1beta1_ingress.py +++ b/library/k8s_v1beta1_ingress.py 
@@ -133,7 +133,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
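Review bot: the requirements entry in this hunk moves an exact pin from "kubernetes == 1.0.0" to "kubernetes == 3.0.0" with nothing telling users that the client has to be upgraded. Because it is an equality pin, a host that still has 1.0.0 installed no longer meets the documented requirement. The same patch also changes the documented return schema (initializers, block_owner_deletion, service_port), so the bump is not cosmetic. Suggest calling out the client upgrade in the changelog or README, and confirming that an exact pin, not a minimum version, is what is intended.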
@@ -240,6 +240,150 @@ ingress: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -275,6 +419,14 @@ ingress: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. @@ -331,8 +483,7 @@ ingress: service_port: description: - Specifies the port of the referenced service. - type: complex - contains: {} + type: str rules: description: - A list of host rules used to configure the Ingress. If unspecified, or 
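Review bot: service_port under the ingress backend (the @@ -331,8 +483,7 @@ hunk) changes from "type: complex" with "contains: {}" to "type: str", but the description still reads only "Specifies the port of the referenced service." A reader cannot tell whether a numeric port now comes back as a string, which matters to any playbook that compares this return value against an integer. Suggest stating in the description which forms are returned (port name, port number, or both) and using the same wording for the second service_port entry under rules, which gets the identical change in the following hunk.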
@@ -374,8 +525,7 @@ ingress: service_port: description: - Specifies the port of the referenced service. - type: complex - contains: {} + type: str path: description: - Path is an extended POSIX regex as defined by IEEE Std 1003.1, diff --git a/library/k8s_v1beta1_ingress_list.py b/library/k8s_v1beta1_ingress_list.py index ff4bc656..d1ace76b 100644 --- a/library/k8s_v1beta1_ingress_list.py +++ b/library/k8s_v1beta1_ingress_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
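Review bot: the @@ -46,10 +46,6 @@ hunk in k8s_v1beta1_ingress_list.py removes the namespace option without replacement or explanation, which is a user-visible interface change for a list module. Playbooks that pass namespace to k8s_v1beta1_ingress_list no longer match the documented options. If the list now always runs across all namespaces, the credentials used need list permission on ingresses cluster-wide, not in a single namespace. Suggest either keeping namespace as an optional filter or documenting the removal and the resulting scope of the query in the module description. The requirements change at @@ -89,7 +85,7 @@ is the same exact-pin bump to "kubernetes == 3.0.0" as in the other modules and should be covered by the same release note.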
@@ -210,6 +206,153 @@ ingress_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ ingress_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. @@ -305,8 +456,7 @@ ingress_list: service_port: description: - Specifies the port of the referenced service. - type: complex - contains: {} + type: str rules: description: - A list of host rules used to configure the Ingress. If unspecified, 
@@ -348,8 +498,7 @@ ingress_list: service_port: description: - Specifies the port of the referenced service. - type: complex - contains: {} + type: str path: description: - Path is an extended POSIX regex as defined by IEEE Std diff --git a/library/k8s_v1beta1_job.py b/library/k8s_v1beta1_job.py deleted file mode 100644 index 1a0e6355..00000000 --- a/library/k8s_v1beta1_job.py +++ /dev/null 
@@ -1,2420 +0,0 @@ -#!/usr/bin/env python - -from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException - -DOCUMENTATION = ''' -module: k8s_v1beta1_job -short_description: Kubernetes Job -description: -- Manage the lifecycle of a job object. Supports check mode, and attempts to to be - idempotent. -version_added: 2.3.0 -author: OpenShift (@openshift) -options: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. They are - not queryable and should be preserved when modifying objects. - type: dict - api_key: - description: - - Token used to connect to the API. - cert_file: - description: - - Path to a certificate used to authenticate with the API. - type: path - context: - description: - - The name of a context found in the Kubernetes config file. - debug: - description: - - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log - default: false - type: bool - force: - description: - - If set to C(True), and I(state) is C(present), an existing object will updated, - and lists will be replaced, rather than merged. - default: false - type: bool - host: - description: - - Provide a URL for acessing the Kubernetes API. - key_file: - description: - - Path to a key file used to authenticate with the API. - type: path - kubeconfig: - description: - - Path to an existing Kubernetes config file. If not provided, and no other connection - options are provided, the openshift client will attempt to load the default - configuration file from I(~/.kube/config.json). - type: path - labels: - description: - - Map of string keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers and services. - type: dict - name: - description: - - Name must be unique within a namespace. 
Is required when creating resources, - although some resources may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation idempotence and - configuration definition. Cannot be updated. - namespace: - description: - - Namespace defines the space within each name must be unique. An empty namespace - is equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this - field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. - password: - description: - - Provide a password for connecting to the API. Use in conjunction with I(username). - resource_definition: - description: - - Provide the YAML definition for the object, bypassing any modules parameters - intended to define object attributes. - type: dict - spec_active_deadline_seconds: - description: - - Optional duration in seconds relative to the startTime that the job may be active - before the system tries to terminate it; value must be positive integer - aliases: - - active_deadline_seconds - type: int - spec_auto_selector: - description: - - AutoSelector controls generation of pod labels and pod selectors. It was not - present in the original extensions/v1beta1 Job definition, but exists to allow - conversion from batch/v1 Jobs, where it corresponds to, but has the opposite - meaning as, ManualSelector. - aliases: - - auto_selector - type: bool - spec_completions: - description: - - Completions specifies the desired number of successfully finished pods the job - should be run with. Setting to nil means that the success of any pod signals - the success of all pods, and allows parallelism to have any positive value. - Setting to 1 means that parallelism is limited to 1 and the success of that - pod signals the success of the job. 
- aliases: - - completions - type: int - spec_parallelism: - description: - - Parallelism specifies the maximum desired number of pods the job should run - at any given time. The actual number of pods running in steady state will be - less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), - i.e. when the work left to do is less than max parallelism. - aliases: - - parallelism - type: int - spec_selector_match_expressions: - description: - - matchExpressions is a list of label selector requirements. The requirements - are ANDed. - aliases: - - selector_match_expressions - type: list - spec_selector_match_labels: - description: - - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only "value". The requirements - are ANDed. - aliases: - - selector_match_labels - type: dict - spec_template_metadata_annotations: - description: - - Annotations is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. They are - not queryable and should be preserved when modifying objects. - type: dict - spec_template_metadata_labels: - description: - - Map of string keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers and services. - type: dict - spec_template_metadata_name: - description: - - Name must be unique within a namespace. Is required when creating resources, - although some resources may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation idempotence and - configuration definition. Cannot be updated. - spec_template_metadata_namespace: - description: - - Namespace defines the space within each name must be unique. 
An empty namespace - is equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this - field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. - spec_template_spec_active_deadline_seconds: - description: - - Optional duration in seconds the pod may be active on the node relative to StartTime - before the system will actively try to mark it failed and kill associated containers. - Value must be a positive integer. - aliases: - - active_deadline_seconds - type: int - spec_template_spec_containers: - description: - - List of containers belonging to the pod. Containers cannot currently be added - or removed. There must be at least one container in a Pod. Cannot be updated. - aliases: - - containers - type: list - spec_template_spec_dns_policy: - description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' or 'Default'. - Defaults to "ClusterFirst". - aliases: - - dns_policy - spec_template_spec_host_ipc: - description: - - "Use the host's ipc namespace. Optional: Default to false." - aliases: - - host_ipc - type: bool - spec_template_spec_host_network: - description: - - Host networking requested for this pod. Use the host's network namespace. If - this option is set, the ports that will be used must be specified. Default to - false. - aliases: - - host_network - type: bool - spec_template_spec_host_pid: - description: - - "Use the host's pid namespace. Optional: Default to false." - aliases: - - host_pid - type: bool - spec_template_spec_hostname: - description: - - Specifies the hostname of the Pod If not specified, the pod's hostname will - be set to a system-defined value. - aliases: - - hostname - spec_template_spec_image_pull_secrets: - description: - - ImagePullSecrets is an optional list of references to secrets in the same namespace - to use for pulling any of the images used by this PodSpec. 
If specified, these - secrets will be passed to individual puller implementations for them to use. - For example, in the case of docker, only DockerConfig type secrets are honored. - aliases: - - image_pull_secrets - type: list - spec_template_spec_node_name: - description: - - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - the scheduler simply schedules this pod onto that node, assuming that it fits - resource requirements. - aliases: - - node_name - spec_template_spec_node_selector: - description: - - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that - node. - aliases: - - node_selector - type: dict - spec_template_spec_restart_policy: - description: - - Restart policy for all containers within the pod. One of Always, OnFailure, - Never. Default to Always. - aliases: - - restart_policy - spec_template_spec_security_context_fs_group: - description: - - "A special supplemental group that applies to all containers in a pod. Some\ - \ volume types allow the Kubelet to change the ownership of that volume to be\ - \ owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit\ - \ is set (new files created in the volume will be owned by FSGroup) 3. The permission\ - \ bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership\ - \ and permissions of any volume." - aliases: - - security_context_fs_group - type: int - spec_template_spec_security_context_run_as_non_root: - description: - - Indicates that the container must run as a non-root user. If true, the Kubelet - will validate the image at runtime to ensure that it does not run as UID 0 (root) - and fail to start the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. 
If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes precedence. - aliases: - - security_context_run_as_non_root - type: bool - spec_template_spec_security_context_run_as_user: - description: - - The UID to run the entrypoint of the container process. Defaults to user specified - in image metadata if unspecified. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - aliases: - - security_context_run_as_user - type: int - spec_template_spec_security_context_se_linux_options_level: - description: - - Level is SELinux level label that applies to the container. - aliases: - - security_context_se_linux_options_level - spec_template_spec_security_context_se_linux_options_role: - description: - - Role is a SELinux role label that applies to the container. - aliases: - - security_context_se_linux_options_role - spec_template_spec_security_context_se_linux_options_type: - description: - - Type is a SELinux type label that applies to the container. - aliases: - - security_context_se_linux_options_type - spec_template_spec_security_context_se_linux_options_user: - description: - - User is a SELinux user label that applies to the container. - aliases: - - security_context_se_linux_options_user - spec_template_spec_security_context_supplemental_groups: - description: - - A list of groups applied to the first process run in each container, in addition - to the container's primary GID. If unspecified, no groups will be added to any - container. - aliases: - - security_context_supplemental_groups - type: list - spec_template_spec_service_account: - description: - - 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: - Use serviceAccountName instead.' 
- aliases: - - service_account - spec_template_spec_service_account_name: - description: - - ServiceAccountName is the name of the ServiceAccount to use to run this pod. - aliases: - - service_account_name - spec_template_spec_subdomain: - description: - - If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a - domainname at all. - aliases: - - subdomain - spec_template_spec_termination_grace_period_seconds: - description: - - Optional duration in seconds the pod needs to terminate gracefully. May be decreased - in delete request. Value must be non-negative integer. The value zero indicates - delete immediately. If this value is nil, the default grace period will be used - instead. The grace period is the duration in seconds after the processes running - in the pod are sent a termination signal and the time when the processes are - forcibly halted with a kill signal. Set this value longer than the expected - cleanup time for your process. Defaults to 30 seconds. - aliases: - - termination_grace_period_seconds - type: int - spec_template_spec_volumes: - description: - - List of volumes that can be mounted by containers belonging to the pod. - aliases: - - volumes - type: list - src: - description: - - Provide a path to a file containing the YAML definition of the object. Mutually - exclusive with I(resource_definition). - type: path - ssl_ca_cert: - description: - - Path to a CA certificate used to authenticate with the API. - type: path - state: - description: - - Determines if an object should be created, patched, or deleted. When set to - C(present), the object will be created, if it does not exist, or patched, if - parameter values differ from the existing object's attributes, and deleted, - if set to C(absent). A patch operation results in merging lists and updating - dictionaries, with lists being merged into a unique set of values. 
If a list - contains a dictionary with a I(name) or I(type) attribute, a strategic merge - is performed, where individual elements with a matching I(name_) or I(type) - are merged. To force the replacement of lists, set the I(force) option to C(True). - default: present - choices: - - present - - absent - username: - description: - - Provide a username for connecting to the API. - verify_ssl: - description: - - Whether or not to verify the API server's SSL certificates. - type: bool -requirements: -- kubernetes == 1.0.0 -''' - -EXAMPLES = ''' -''' - -RETURN = ''' -api_version: - type: string - description: Requested API version -job: - type: complex - returned: when I(state) = C(present) - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - type: str - kind: - description: - - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. - type: str - metadata: - description: - - Standard object's metadata. - type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource that - may be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This is used to distinguish - resources with same name and namespace in different clusters. This field - is not set anywhere right now and apiserver is going to ignore it if set - in create or update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time when this - object was created. 
It is not guaranteed to be set in happens-before order - across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null - for lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate before - it will be removed from the system. Only set when deletionTimestamp is - also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this resource will - be deleted. This field is set by the server when a graceful deletion is - requested by the user, and is not directly settable by a client. The resource - is expected to be deleted (no longer visible from resource lists, and - not reachable by name) after the time in this field. Once set, this value - may not be unset or be set further into the future, although it may be - shortened or the resource may be deleted prior to this time. For example, - a user may request that a pod is deleted in 30 seconds. The Kubelet will - react by sending a graceful termination signal to the containers in the - pod. After that 30 seconds, the Kubelet will send a hard termination signal - (SIGKILL) to the container and after cleanup, remove the pod from the - API. In the presence of network partitions, this object may still exist - after this timestamp, until an administrator or automated process can - determine the resource is fully terminated. If not set, graceful deletion - of the object has not been requested. Populated by the system when a graceful - deletion is requested. Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. Each entry - is an identifier for the responsible component that will remove the entry - from the list. 
If the deletionTimestamp of the object is non-nil, entries - in this list can only be removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to generate a - unique name ONLY IF the Name field has not been provided. If this field - is used, the name returned to the client will be different than the name - passed. This value will also be combined with a unique suffix. The provided - value has the same validation rules as the Name field, and may be truncated - by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will - NOT return a 409 - instead, it will either return 201 Created or 500 with - Reason ServerTimeout indicating a unique name could not be found in the - time allotted, and the client should retry (optionally after the time - indicated in the Retry-After header). Applied only if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the desired state. - Populated by the system. Read-only. - type: int - labels: - description: - - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating resources, - although some resources may allow a client to request the generation of - an appropriate name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. An empty - namespace is equivalent to the "default" namespace, but "default" is the - canonical representation. 
Not all objects are required to be scoped to - a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in the list have - been deleted, this object will be garbage collected. If this object is - managed by a controller, then an entry in this list will point to this - controller, with the controller field set to true. There cannot be more - than one managing controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this object that - can be used by clients to determine when objects have changed. May be - used for optimistic concurrency, change detection, and the watch operation - on a resource or set of resources. Clients must treat these values as - opaque and passed unmodified back to the server. They may only be valid - for a particular resource or set of resources. Populated by the system. - Read-only. Value must be treated as opaque by clients and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. It is typically - generated by the server on successful creation of a resource and is not - allowed to change on PUT operations. Populated by the system. Read-only. - type: str - spec: - description: - - Spec is a structure defining the expected behavior of a job. 
- type: complex - contains: - active_deadline_seconds: - description: - - Optional duration in seconds relative to the startTime that the job may - be active before the system tries to terminate it; value must be positive - integer - type: int - auto_selector: - description: - - AutoSelector controls generation of pod labels and pod selectors. It was - not present in the original extensions/v1beta1 Job definition, but exists - to allow conversion from batch/v1 Jobs, where it corresponds to, but has - the opposite meaning as, ManualSelector. - type: bool - completions: - description: - - Completions specifies the desired number of successfully finished pods - the job should be run with. Setting to nil means that the success of any - pod signals the success of all pods, and allows parallelism to have any - positive value. Setting to 1 means that parallelism is limited to 1 and - the success of that pod signals the success of the job. - type: int - parallelism: - description: - - Parallelism specifies the maximum desired number of pods the job should - run at any given time. The actual number of pods running in steady state - will be less than this number when ((.spec.completions - .status.successful) - < .spec.parallelism), i.e. when the work left to do is less than max parallelism. - type: int - selector: - description: - - Selector is a label query over pods that should match the pod count. Normally, - the system sets this field for you. - type: complex - contains: - match_expressions: - description: - - matchExpressions is a list of label selector requirements. The requirements - are ANDed. - type: list - contains: - key: - description: - - key is the label key that the selector applies to. - type: str - operator: - description: - - operator represents a key's relationship to a set of values. Valid - operators ard In, NotIn, Exists and DoesNotExist. - type: str - values: - description: - - values is an array of string values. 
If the operator is In or - NotIn, the values array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must be empty. This array - is replaced during a strategic merge patch. - type: list - contains: str - match_labels: - description: - - matchLabels is a map of {key,value} pairs. A single {key,value} in - the matchLabels map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: complex - contains: str, str - template: - description: - - Template is the object that describes the pod that will be created when - executing a job. - type: complex - contains: - metadata: - description: - - Standard object's metadata. - type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource - that may be set by external tools to store and retrieve arbitrary - metadata. They are not queryable and should be preserved when - modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This is used - to distinguish resources with same name and namespace in different - clusters. This field is not set anywhere right now and apiserver - is going to ignore it if set in create or update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in - happens-before order across separate operations. Clients may not - set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate - before it will be removed from the system. 
Only set when deletionTimestamp - is also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this resource - will be deleted. This field is set by the server when a graceful - deletion is requested by the user, and is not directly settable - by a client. The resource is expected to be deleted (no longer - visible from resource lists, and not reachable by name) after - the time in this field. Once set, this value may not be unset - or be set further into the future, although it may be shortened - or the resource may be deleted prior to this time. For example, - a user may request that a pod is deleted in 30 seconds. The Kubelet - will react by sending a graceful termination signal to the containers - in the pod. After that 30 seconds, the Kubelet will send a hard - termination signal (SIGKILL) to the container and after cleanup, - remove the pod from the API. In the presence of network partitions, - this object may still exist after this timestamp, until an administrator - or automated process can determine the resource is fully terminated. - If not set, graceful deletion of the object has not been requested. - Populated by the system when a graceful deletion is requested. - Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. - Each entry is an identifier for the responsible component that - will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to generate - a unique name ONLY IF the Name field has not been provided. If - this field is used, the name returned to the client will be different - than the name passed. This value will also be combined with a - unique suffix. 
The provided value has the same validation rules - as the Name field, and may be truncated by the length of the suffix - required to make the value unique on the server. If this field - is specified and the generated name exists, the server will NOT - return a 409 - instead, it will either return 201 Created or 500 - with Reason ServerTimeout indicating a unique name could not be - found in the time allotted, and the client should retry (optionally - after the time indicated in the Retry-After header). Applied only - if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the desired - state. Populated by the system. Read-only. - type: int - labels: - description: - - Map of string keys and values that can be used to organize and - categorize (scope and select) objects. May match selectors of - replication controllers and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating - resources, although some resources may allow a client to request - the generation of an appropriate name automatically. Name is primarily - intended for creation idempotence and configuration definition. - Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. An - empty namespace is equivalent to the "default" namespace, but - "default" is the canonical representation. Not all objects are - required to be scoped to a namespace - the value of this field - for those objects will be empty. Must be a DNS_LABEL. Cannot be - updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in the - list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. 
There cannot be more than one managing controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this object - that can be used by clients to determine when objects have changed. - May be used for optimistic concurrency, change detection, and - the watch operation on a resource or set of resources. Clients - must treat these values as opaque and passed unmodified back to - the server. They may only be valid for a particular resource or - set of resources. Populated by the system. Read-only. Value must - be treated as opaque by clients and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. - Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. It - is typically generated by the server on successful creation of - a resource and is not allowed to change on PUT operations. Populated - by the system. Read-only. - type: str - spec: - description: - - Specification of the desired behavior of the pod. - type: complex - contains: - active_deadline_seconds: - description: - - Optional duration in seconds the pod may be active on the node - relative to StartTime before the system will actively try to mark - it failed and kill associated containers. Value must be a positive - integer. - type: int - containers: - description: - - List of containers belonging to the pod. Containers cannot currently - be added or removed. There must be at least one container in a - Pod. Cannot be updated. 
- type: list - contains: - args: - description: - - "Arguments to the entrypoint. The docker image's CMD is used\ - \ if this is not provided. Variable references $(VAR_NAME)\ - \ are expanded using the container's environment. If a variable\ - \ cannot be resolved, the reference in the input string will\ - \ be unchanged. The $(VAR_NAME) syntax can be escaped with\ - \ a double $$, ie: $$(VAR_NAME). Escaped references will never\ - \ be expanded, regardless of whether the variable exists or\ - \ not. Cannot be updated." - type: list - contains: str - command: - description: - - "Entrypoint array. Not executed within a shell. The docker\ - \ image's ENTRYPOINT is used if this is not provided. Variable\ - \ references $(VAR_NAME) are expanded using the container's\ - \ environment. If a variable cannot be resolved, the reference\ - \ in the input string will be unchanged. The $(VAR_NAME) syntax\ - \ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ - \ references will never be expanded, regardless of whether\ - \ the variable exists or not. Cannot be updated." - type: list - contains: str - env: - description: - - List of environment variables to set in the container. Cannot - be updated. - type: list - contains: - name: - description: - - Name of the environment variable. Must be a C_IDENTIFIER. - type: str - value: - description: - - 'Variable references $(VAR_NAME) are expanded using the - previous defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will - never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: str - value_from: - description: - - Source for the environment variable's value. Cannot be - used if value is not empty. 
- type: complex - contains: - config_map_key_ref: - description: - - Selects a key of a ConfigMap. - type: complex - contains: - key: - description: - - The key to select. - type: str - name: - description: - - Name of the referent. - type: str - field_ref: - description: - - 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' - type: complex - contains: - api_version: - description: - - Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: str - field_path: - description: - - Path of the field to select in the specified API - version. - type: str - resource_field_ref: - description: - - 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' - type: complex - contains: - container_name: - description: - - 'Container name: required for volumes, optional - for env vars' - type: str - divisor: - description: - - Specifies the output format of the exposed resources, - defaults to "1" - type: complex - contains: {} - resource: - description: - - 'Required: resource to select' - type: str - secret_key_ref: - description: - - Selects a key of a secret in the pod's namespace - type: complex - contains: - key: - description: - - The key of the secret to select from. Must be - a valid secret key. - type: str - name: - description: - - Name of the referent. - type: str - image: - description: - - Docker image name. - type: str - image_pull_policy: - description: - - Image pull policy. One of Always, Never, IfNotPresent. Defaults - to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. - type: str - lifecycle: - description: - - Actions that the management system should take in response - to container lifecycle events. Cannot be updated. 
- type: complex - contains: - post_start: - description: - - PostStart is called immediately after a container is created. - If the handler fails, the container is terminated and - restarted according to its restart policy. Other management - of the container blocks until the hook completes. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the command - is root ('/') in the container's filesystem. The - command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - type: list - contains: str - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. - You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. 
- TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - pre_stop: - description: - - PreStop is called immediately before a container is terminated. - The container is terminated after the handler completes. - The reason for termination is passed to the handler. Regardless - of the outcome of the handler, the container is eventually - terminated. Other management of the container blocks until - the hook completes. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the command - is root ('/') in the container's filesystem. The - command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - type: list - contains: str - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. - You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. 
- type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - liveness_probe: - description: - - Periodic probe of container liveness. Container will be restarted - if the probe fails. Cannot be updated. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside the - container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so - traditional shell instructions ('|', etc) won't work. - To use a shell, you need to explicitly call out to - that shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - type: list - contains: str - failure_threshold: - description: - - Minimum consecutive failures for the probe to be considered - failed after having succeeded. Defaults to 3. Minimum - value is 1. - type: int - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. 
- type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - initial_delay_seconds: - description: - - Number of seconds after the container has started before - liveness probes are initiated. - type: int - period_seconds: - description: - - How often (in seconds) to perform the probe. Default to - 10 seconds. Minimum value is 1. - type: int - success_threshold: - description: - - Minimum consecutive successes for the probe to be considered - successful after having failed. Defaults to 1. Must be - 1 for liveness. Minimum value is 1. - type: int - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. TCP - hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - timeout_seconds: - description: - - Number of seconds after which the probe times out. Defaults - to 1 second. Minimum value is 1. - type: int - name: - description: - - Name of the container specified as a DNS_LABEL. Each container - in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: str - ports: - description: - - List of ports to expose from the container. Exposing a port - here gives the system additional information about the network - connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from - being exposed. 
Any port which is listening on the default - "0.0.0.0" address inside a container will be accessible from - the network. Cannot be updated. - type: list - contains: - container_port: - description: - - Number of port to expose on the pod's IP address. This - must be a valid port number, 0 < x < 65536. - type: int - host_ip: - description: - - What host IP to bind the external port to. - type: str - host_port: - description: - - Number of port to expose on the host. If specified, this - must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - type: int - name: - description: - - If specified, this must be an IANA_SVC_NAME and unique - within the pod. Each named port in a pod must have a unique - name. Name for the port that can be referred to by services. - type: str - protocol: - description: - - Protocol for port. Must be UDP or TCP. Defaults to "TCP". - type: str - readiness_probe: - description: - - Periodic probe of container service readiness. Container will - be removed from service endpoints if the probe fails. Cannot - be updated. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside the - container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so - traditional shell instructions ('|', etc) won't work. - To use a shell, you need to explicitly call out to - that shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - type: list - contains: str - failure_threshold: - description: - - Minimum consecutive failures for the probe to be considered - failed after having succeeded. Defaults to 3. Minimum - value is 1. 
- type: int - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - initial_delay_seconds: - description: - - Number of seconds after the container has started before - liveness probes are initiated. - type: int - period_seconds: - description: - - How often (in seconds) to perform the probe. Default to - 10 seconds. Minimum value is 1. - type: int - success_threshold: - description: - - Minimum consecutive successes for the probe to be considered - successful after having failed. Defaults to 1. Must be - 1 for liveness. Minimum value is 1. - type: int - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. TCP - hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - timeout_seconds: - description: - - Number of seconds after which the probe times out. Defaults - to 1 second. Minimum value is 1. - type: int - resources: - description: - - Compute Resources required by this container. Cannot be updated. 
- type: complex - contains: - limits: - description: - - Limits describes the maximum amount of compute resources - allowed. - type: complex - contains: str, ResourceQuantity - requests: - description: - - Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to - an implementation-defined value. - type: complex - contains: str, ResourceQuantity - security_context: - description: - - Security options the pod should run with. - type: complex - contains: - capabilities: - description: - - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. - type: complex - contains: - add: - description: - - Added capabilities - type: list - contains: str - drop: - description: - - Removed capabilities - type: list - contains: str - privileged: - description: - - Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. - Defaults to false. - type: bool - read_only_root_filesystem: - description: - - Whether this container has a read-only root filesystem. - Default is false. - type: bool - run_as_non_root: - description: - - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, - no such validation will be performed. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: bool - run_as_user: - description: - - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. 
If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: int - se_linux_options: - description: - - The SELinux context to be applied to the container. If - unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: complex - contains: - level: - description: - - Level is SELinux level label that applies to the container. - type: str - role: - description: - - Role is a SELinux role label that applies to the container. - type: str - type: - description: - - Type is a SELinux type label that applies to the container. - type: str - user: - description: - - User is a SELinux user label that applies to the container. - type: str - stdin: - description: - - Whether this container should allocate a buffer for stdin - in the container runtime. If this is not set, reads from stdin - in the container will always result in EOF. Default is false. - type: bool - stdin_once: - description: - - Whether the container runtime should close the stdin channel - after it has been opened by a single attach. When stdin is - true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on - container start, is empty until the first client attaches - to stdin, and then remains open and accepts data until the - client disconnects, at which time stdin is closed and remains - closed until the container is restarted. If this flag is false, - a container processes that reads from stdin will never receive - an EOF. Default is false - type: bool - termination_message_path: - description: - - "Optional: Path at which the file to which the container's\ - \ termination message will be written is mounted into the\ - \ container's filesystem. 
Message written is intended to be\ - \ brief final status, such as an assertion failure message.\ - \ Defaults to /dev/termination-log. Cannot be updated." - type: str - tty: - description: - - Whether this container should allocate a TTY for itself, also - requires 'stdin' to be true. Default is false. - type: bool - volume_mounts: - description: - - Pod volumes to mount into the container's filesystem. Cannot - be updated. - type: list - contains: - mount_path: - description: - - Path within the container at which the volume should be - mounted. Must not contain ':'. - type: str - name: - description: - - This must match the Name of a Volume. - type: str - read_only: - description: - - Mounted read-only if true, read-write otherwise (false - or unspecified). Defaults to false. - type: bool - sub_path: - description: - - Path within the volume from which the container's volume - should be mounted. Defaults to "" (volume's root). - type: str - working_dir: - description: - - Container's working directory. If not specified, the container - runtime's default will be used, which might be configured - in the container image. Cannot be updated. - type: str - dns_policy: - description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". - type: str - host_ipc: - description: - - "Use the host's ipc namespace. Optional: Default to false." - type: bool - host_network: - description: - - Host networking requested for this pod. Use the host's network - namespace. If this option is set, the ports that will be used - must be specified. Default to false. - type: bool - host_pid: - description: - - "Use the host's pid namespace. Optional: Default to false." - type: bool - hostname: - description: - - Specifies the hostname of the Pod If not specified, the pod's - hostname will be set to a system-defined value. 
- type: str - image_pull_secrets: - description: - - ImagePullSecrets is an optional list of references to secrets - in the same namespace to use for pulling any of the images used - by this PodSpec. If specified, these secrets will be passed to - individual puller implementations for them to use. For example, - in the case of docker, only DockerConfig type secrets are honored. - type: list - contains: - name: - description: - - Name of the referent. - type: str - node_name: - description: - - NodeName is a request to schedule this pod onto a specific node. - If it is non-empty, the scheduler simply schedules this pod onto - that node, assuming that it fits resource requirements. - type: str - node_selector: - description: - - NodeSelector is a selector which must be true for the pod to fit - on a node. Selector which must match a node's labels for the pod - to be scheduled on that node. - type: complex - contains: str, str - restart_policy: - description: - - Restart policy for all containers within the pod. One of Always, - OnFailure, Never. Default to Always. - type: str - security_context: - description: - - 'SecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type description - for default values of each field.' - type: complex - contains: - fs_group: - description: - - "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change\ - \ the ownership of that volume to be owned by the pod: 1.\ - \ The owning GID will be the FSGroup 2. The setgid bit is\ - \ set (new files created in the volume will be owned by FSGroup)\ - \ 3. The permission bits are OR'd with rw-rw---- If unset,\ - \ the Kubelet will not modify the ownership and permissions\ - \ of any volume." - type: int - run_as_non_root: - description: - - Indicates that the container must run as a non-root user. 
- If true, the Kubelet will validate the image at runtime to - ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: bool - run_as_user: - description: - - The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also - be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - type: int - se_linux_options: - description: - - The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context - for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - type: complex - contains: - level: - description: - - Level is SELinux level label that applies to the container. - type: str - role: - description: - - Role is a SELinux role label that applies to the container. - type: str - type: - description: - - Type is a SELinux type label that applies to the container. - type: str - user: - description: - - User is a SELinux user label that applies to the container. - type: str - supplemental_groups: - description: - - A list of groups applied to the first process run in each - container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - type: list - contains: int - service_account: - description: - - 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. - Deprecated: Use serviceAccountName instead.' 
- type: str - service_account_name: - description: - - ServiceAccountName is the name of the ServiceAccount to use to - run this pod. - type: str - subdomain: - description: - - If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will - not have a domainname at all. - type: str - termination_grace_period_seconds: - description: - - Optional duration in seconds the pod needs to terminate gracefully. - May be decreased in delete request. Value must be non-negative - integer. The value zero indicates delete immediately. If this - value is nil, the default grace period will be used instead. The - grace period is the duration in seconds after the processes running - in the pod are sent a termination signal and the time when the - processes are forcibly halted with a kill signal. Set this value - longer than the expected cleanup time for your process. Defaults - to 30 seconds. - type: int - volumes: - description: - - List of volumes that can be mounted by containers belonging to - the pod. - type: list - contains: - aws_elastic_block_store: - description: - - AWSElasticBlockStore represents an AWS Disk resource that - is attached to a kubelet's host machine and then exposed to - the pod. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified.' - type: str - partition: - description: - - 'The partition in the volume that you want to mount. If - omitted, the default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or - you can leave the property empty).' - type: int - read_only: - description: - - Specify "true" to force and set the ReadOnly property - in VolumeMounts to "true". 
If omitted, the default is - "false". - type: bool - volume_id: - description: - - Unique ID of the persistent disk resource in AWS (Amazon - EBS volume). - type: str - azure_disk: - description: - - AzureDisk represents an Azure Data Disk mount on the host - and bind mount to the pod. - type: complex - contains: - caching_mode: - description: - - 'Host Caching mode: None, Read Only, Read Write.' - type: str - disk_name: - description: - - The Name of the data disk in the blob storage - type: str - disk_uri: - description: - - The URI the data disk in the blob storage - type: str - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - type: str - read_only: - description: - - Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: bool - azure_file: - description: - - AzureFile represents an Azure File Service mount on the host - and bind mount to the pod. - type: complex - contains: - read_only: - description: - - Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: bool - secret_name: - description: - - the name of secret that contains Azure Storage Account - Name and Key - type: str - share_name: - description: - - Share Name - type: str - cephfs: - description: - - CephFS represents a Ceph FS mount on the host that shares - a pod's lifetime - type: complex - contains: - monitors: - description: - - 'Required: Monitors is a collection of Ceph monitors' - type: list - contains: str - path: - description: - - 'Optional: Used as the mounted root, rather than the full - Ceph tree, default is /' - type: str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts.' 
- type: bool - secret_file: - description: - - 'Optional: SecretFile is the path to key ring for User, - default is /etc/ceph/user.secret' - type: str - secret_ref: - description: - - 'Optional: SecretRef is reference to the authentication - secret for User, default is empty.' - type: complex - contains: - name: - description: - - Name of the referent. - type: str - user: - description: - - 'Optional: User is the rados user name, default is admin' - type: str - cinder: - description: - - Cinder represents a cinder volume attached and mounted on - kubelets host machine - type: complex - contains: - fs_type: - description: - - 'Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified.' - type: str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts.' - type: bool - volume_id: - description: - - volume id used to identify the volume in cinder - type: str - config_map: - description: - - ConfigMap represents a configMap that should populate this - volume - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. - Must be a value between 0 and 0777. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect - the file mode, like fsGroup, and the result can be other - mode bits set.' - type: int - items: - description: - - If unspecified, each key-value pair in the Data field - of the referenced ConfigMap will be projected into the - volume as a file whose name is the key and content is - the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error. 
Paths must - be relative and may not contain the '..' path or start - with '..'. - type: list - contains: - key: - description: - - The key to project. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must be - a value between 0 and 0777. If not specified, the - volume defaultMode will be used. This might be in - conflict with other options that affect the file mode, - like fsGroup, and the result can be other mode bits - set.' - type: int - path: - description: - - The relative path of the file to map the key to. May - not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: str - name: - description: - - Name of the referent. - type: str - downward_api: - description: - - DownwardAPI represents downward API about the pod that should - populate this volume - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. - Must be a value between 0 and 0777. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect - the file mode, like fsGroup, and the result can be other - mode bits set.' - type: int - items: - description: - - Items is a list of downward API volume file - type: list - contains: - field_ref: - description: - - 'Required: Selects a field of the pod: only annotations, - labels, name and namespace are supported.' - type: complex - contains: - api_version: - description: - - Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: str - field_path: - description: - - Path of the field to select in the specified API - version. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must be - a value between 0 and 0777. If not specified, the - volume defaultMode will be used. 
This might be in - conflict with other options that affect the file mode, - like fsGroup, and the result can be other mode bits - set.' - type: int - path: - description: - - "Required: Path is the relative path name of the file\ - \ to be created. Must not be absolute or contain the\ - \ '..' path. Must be utf-8 encoded. The first item\ - \ of the relative path must not start with '..'" - type: str - resource_field_ref: - description: - - 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' - type: complex - contains: - container_name: - description: - - 'Container name: required for volumes, optional - for env vars' - type: str - divisor: - description: - - Specifies the output format of the exposed resources, - defaults to "1" - type: complex - contains: {} - resource: - description: - - 'Required: resource to select' - type: str - empty_dir: - description: - - EmptyDir represents a temporary directory that shares a pod's - lifetime. - type: complex - contains: - medium: - description: - - What type of storage medium should back this directory. - The default is "" which means to use the node's default - medium. Must be an empty string (default) or Memory. - type: str - fc: - description: - - FC represents a Fibre Channel resource that is attached to - a kubelet's host machine and then exposed to the pod. - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - type: str - lun: - description: - - 'Required: FC target lun number' - type: int - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts.' 
- type: bool - target_ww_ns: - description: - - 'Required: FC target worldwide names (WWNs)' - type: list - contains: str - flex_volume: - description: - - FlexVolume represents a generic volume resource that is provisioned/attached - using an exec based plugin. This is an alpha feature and may - change in future. - type: complex - contains: - driver: - description: - - Driver is the name of the driver to use for this volume. - type: str - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on FlexVolume script. - type: str - options: - description: - - 'Optional: Extra command options if any.' - type: complex - contains: str, str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts.' - type: bool - secret_ref: - description: - - 'Optional: SecretRef is reference to the secret object - containing sensitive information to pass to the plugin - scripts. This may be empty if no secret object is specified. - If the secret object contains more than one secret, all - secrets are passed to the plugin scripts.' - type: complex - contains: - name: - description: - - Name of the referent. - type: str - flocker: - description: - - Flocker represents a Flocker volume attached to a kubelet's - host machine. This depends on the Flocker control service - being running - type: complex - contains: - dataset_name: - description: - - Name of the dataset stored as metadata -> name on the - dataset for Flocker should be considered as deprecated - type: str - dataset_uuid: - description: - - UUID of the dataset. This is unique identifier of a Flocker - dataset - type: str - gce_persistent_disk: - description: - - GCEPersistentDisk represents a GCE Disk resource that is attached - to a kubelet's host machine and then exposed to the pod. 
- type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified.' - type: str - partition: - description: - - 'The partition in the volume that you want to mount. If - omitted, the default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or - you can leave the property empty).' - type: int - pd_name: - description: - - Unique name of the PD resource in GCE. Used to identify - the disk in GCE. - type: str - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - git_repo: - description: - - GitRepo represents a git repository at a particular revision. - type: complex - contains: - directory: - description: - - Target directory name. Must not contain or start with - '..'. If '.' is supplied, the volume directory will be - the git repository. Otherwise, if specified, the volume - will contain the git repository in the subdirectory with - the given name. - type: str - repository: - description: - - Repository URL - type: str - revision: - description: - - Commit hash for the specified revision. - type: str - glusterfs: - description: - - Glusterfs represents a Glusterfs mount on the host that shares - a pod's lifetime. - type: complex - contains: - endpoints: - description: - - EndpointsName is the endpoint name that details Glusterfs - topology. - type: str - path: - description: - - Path is the Glusterfs volume path. - type: str - read_only: - description: - - ReadOnly here will force the Glusterfs volume to be mounted - with read-only permissions. Defaults to false. 
- type: bool - host_path: - description: - - HostPath represents a pre-existing file or directory on the - host machine that is directly exposed to the container. This - is generally used for system agents or other privileged things - that are allowed to see the host machine. Most containers - will NOT need this. - type: complex - contains: - path: - description: - - Path of the directory on the host. - type: str - iscsi: - description: - - ISCSI represents an ISCSI Disk resource that is attached to - a kubelet's host machine and then exposed to the pod. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified.' - type: str - iqn: - description: - - Target iSCSI Qualified Name. - type: str - iscsi_interface: - description: - - "Optional: Defaults to 'default' (tcp). iSCSI interface\ - \ name that uses an iSCSI transport." - type: str - lun: - description: - - iSCSI target lun number. - type: int - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - target_portal: - description: - - iSCSI target portal. The portal is either an IP or ip_addr:port - if the port is other than default (typically TCP ports - 860 and 3260). - type: str - name: - description: - - Volume's name. Must be a DNS_LABEL and unique within the pod. - type: str - nfs: - description: - - NFS represents an NFS mount on the host that shares a pod's - lifetime - type: complex - contains: - path: - description: - - Path that is exported by the NFS server. - type: str - read_only: - description: - - ReadOnly here will force the NFS export to be mounted - with read-only permissions. Defaults to false. - type: bool - server: - description: - - Server is the hostname or IP address of the NFS server. 
- type: str - persistent_volume_claim: - description: - - PersistentVolumeClaimVolumeSource represents a reference to - a PersistentVolumeClaim in the same namespace. - type: complex - contains: - claim_name: - description: - - ClaimName is the name of a PersistentVolumeClaim in the - same namespace as the pod using this volume. - type: str - read_only: - description: - - Will force the ReadOnly setting in VolumeMounts. Default - false. - type: bool - photon_persistent_disk: - description: - - PhotonPersistentDisk represents a PhotonController persistent - disk attached and mounted on kubelets host machine - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - type: str - pd_id: - description: - - ID that identifies Photon Controller persistent disk - type: str - quobyte: - description: - - Quobyte represents a Quobyte mount on the host that shares - a pod's lifetime - type: complex - contains: - group: - description: - - Group to map volume access to Default is no group - type: str - read_only: - description: - - ReadOnly here will force the Quobyte volume to be mounted - with read-only permissions. Defaults to false. - type: bool - registry: - description: - - Registry represents a single or multiple Quobyte Registry - services specified as a string as host:port pair (multiple - entries are separated with commas) which acts as the central - registry for volumes - type: str - user: - description: - - User to map volume access to Defaults to serivceaccount - user - type: str - volume: - description: - - Volume is a string that references an already created - Quobyte volume by name. - type: str - rbd: - description: - - RBD represents a Rados Block Device mount on the host that - shares a pod's lifetime. 
- type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified.' - type: str - image: - description: - - The rados image name. - type: str - keyring: - description: - - Keyring is the path to key ring for RBDUser. Default is - /etc/ceph/keyring. - type: str - monitors: - description: - - A collection of Ceph monitors. - type: list - contains: str - pool: - description: - - The rados pool name. Default is rbd. - type: str - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - secret_ref: - description: - - SecretRef is name of the authentication secret for RBDUser. - If provided overrides keyring. Default is nil. - type: complex - contains: - name: - description: - - Name of the referent. - type: str - user: - description: - - The rados user name. Default is admin. - type: str - secret: - description: - - Secret represents a secret that should populate this volume. - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. - Must be a value between 0 and 0777. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect - the file mode, like fsGroup, and the result can be other - mode bits set.' - type: int - items: - description: - - If unspecified, each key-value pair in the Data field - of the referenced Secret will be projected into the volume - as a file whose name is the key and content is the value. - If specified, the listed keys will be projected into the - specified paths, and unlisted keys will not be present. - If a key is specified which is not present in the Secret, - the volume setup will error. 
Paths must be relative and - may not contain the '..' path or start with '..'. - type: list - contains: - key: - description: - - The key to project. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must be - a value between 0 and 0777. If not specified, the - volume defaultMode will be used. This might be in - conflict with other options that affect the file mode, - like fsGroup, and the result can be other mode bits - set.' - type: int - path: - description: - - The relative path of the file to map the key to. May - not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: str - secret_name: - description: - - Name of the secret in the pod's namespace to use. - type: str - vsphere_volume: - description: - - VsphereVolume represents a vSphere volume attached and mounted - on kubelets host machine - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - type: str - volume_path: - description: - - Path that identifies vSphere volume vmdk - type: str - status: - description: - - Status is a structure describing current status of a job. - type: complex - contains: - active: - description: - - Active is the number of actively running pods. - type: int - completion_time: - description: - - CompletionTime represents time when the job was completed. It is not guaranteed - to be set in happens-before order across separate operations. It is represented - in RFC3339 form and is in UTC. - type: complex - contains: {} - conditions: - description: - - Conditions represent the latest available observations of an object's - current state. - type: list - contains: - last_probe_time: - description: - - Last time the condition was checked. 
- type: complex - contains: {} - last_transition_time: - description: - - Last time the condition transit from one status to another. - type: complex - contains: {} - message: - description: - - Human readable message indicating details about last transition. - type: str - reason: - description: - - (brief) reason for the condition's last transition. - type: str - status: - description: - - Status of the condition, one of True, False, Unknown. - type: str - type: - description: - - Type of job condition, Complete or Failed. - type: str - failed: - description: - - Failed is the number of pods which reached Phase Failed. - type: int - start_time: - description: - - StartTime represents time when the job was acknowledged by the Job Manager. - It is not guaranteed to be set in happens-before order across separate - operations. It is represented in RFC3339 form and is in UTC. - type: complex - contains: {} - succeeded: - description: - - Succeeded is the number of pods which reached Phase Succeeded. - type: int -''' - - -def main(): - try: - module = KubernetesAnsibleModule('job', 'V1beta1') - except KubernetesAnsibleException as exc: - # The helper failed to init, so there is no module object. All we can do is raise the error. - raise Exception(exc.message) - - try: - module.execute_module() - except KubernetesAnsibleException as exc: - module.fail_json(msg="Module failed!", error=str(exc)) - - -if __name__ == '__main__': - main() diff --git a/library/k8s_v1beta1_job_list.py b/library/k8s_v1beta1_job_list.py deleted file mode 100644 index 7d6935f3..00000000 --- a/library/k8s_v1beta1_job_list.py +++ /dev/null 
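Review bot: The hunk that ends at `if __name__ == '__main__': main()` deletes all of library/k8s_v1beta1_job.py, and nothing in the visible lines says which module replaces `k8s_v1beta1_job`, so playbooks that still call it will break with no pointer to a successor. Please name the replacement in the commit message or changelog, or keep a deprecated stub for one release. The same applies to library/k8s_v1beta1_job_list.py, whose `deleted file mode 100644` header follows directly. Since the module is built on `KubernetesAnsibleModule('job', 'V1beta1')`, please also confirm that dropping it is an intended consequence of the requirement change to `kubernetes == 3.0.0` made elsewhere in this patch.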
@@ -1,2243 +0,0 @@ -#!/usr/bin/env python - -from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException - -DOCUMENTATION = ''' -module: k8s_v1beta1_job_list -short_description: Kubernetes JobList -description: -- Retrieve a list of jobs. List operations provide a snapshot read of the underlying - objects, returning a resource_version representing a consistent version of the listed - objects. -version_added: 2.3.0 -author: OpenShift (@openshift) -options: - api_key: - description: - - Token used to connect to the API. - cert_file: - description: - - Path to a certificate used to authenticate with the API. - type: path - context: - description: - - The name of a context found in the Kubernetes config file. - debug: - description: - - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log - default: false - type: bool - force: - description: - - If set to C(True), and I(state) is C(present), an existing object will updated, - and lists will be replaced, rather than merged. - default: false - type: bool - host: - description: - - Provide a URL for acessing the Kubernetes API. - key_file: - description: - - Path to a key file used to authenticate with the API. - type: path - kubeconfig: - description: - - Path to an existing Kubernetes config file. If not provided, and no other connection - options are provided, the openshift client will attempt to load the default - configuration file from I(~/.kube/config.json). - type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. - password: - description: - - Provide a password for connecting to the API. Use in conjunction with I(username). - resource_definition: - description: - - Provide the YAML definition for the object, bypassing any modules parameters - intended to define object attributes. 
- type: dict - src: - description: - - Provide a path to a file containing the YAML definition of the object. Mutually - exclusive with I(resource_definition). - type: path - ssl_ca_cert: - description: - - Path to a CA certificate used to authenticate with the API. - type: path - state: - description: - - Determines if an object should be created, patched, or deleted. When set to - C(present), the object will be created, if it does not exist, or patched, if - parameter values differ from the existing object's attributes, and deleted, - if set to C(absent). A patch operation results in merging lists and updating - dictionaries, with lists being merged into a unique set of values. If a list - contains a dictionary with a I(name) or I(type) attribute, a strategic merge - is performed, where individual elements with a matching I(name_) or I(type) - are merged. To force the replacement of lists, set the I(force) option to C(True). - default: present - choices: - - present - - absent - username: - description: - - Provide a username for connecting to the API. - verify_ssl: - description: - - Whether or not to verify the API server's SSL certificates. - type: bool -requirements: -- kubernetes == 1.0.0 -''' - -EXAMPLES = ''' -''' - -RETURN = ''' -api_version: - type: string - description: Requested API version -job_list: - type: complex - returned: when I(state) = C(present) - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - type: str - items: - description: - - Items is the list of Job. - type: list - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, - and may reject unrecognized values. 
- type: str - kind: - description: - - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. In CamelCase. - type: str - metadata: - description: - - Standard object's metadata. - type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource - that may be set by external tools to store and retrieve arbitrary - metadata. They are not queryable and should be preserved when modifying - objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This is used - to distinguish resources with same name and namespace in different - clusters. This field is not set anywhere right now and apiserver is - going to ignore it if set in create or update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. - It is represented in RFC3339 form and is in UTC. Populated by the - system. Read-only. Null for lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate - before it will be removed from the system. Only set when deletionTimestamp - is also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this resource - will be deleted. This field is set by the server when a graceful deletion - is requested by the user, and is not directly settable by a client. - The resource is expected to be deleted (no longer visible from resource - lists, and not reachable by name) after the time in this field. 
Once - set, this value may not be unset or be set further into the future, - although it may be shortened or the resource may be deleted prior - to this time. For example, a user may request that a pod is deleted - in 30 seconds. The Kubelet will react by sending a graceful termination - signal to the containers in the pod. After that 30 seconds, the Kubelet - will send a hard termination signal (SIGKILL) to the container and - after cleanup, remove the pod from the API. In the presence of network - partitions, this object may still exist after this timestamp, until - an administrator or automated process can determine the resource is - fully terminated. If not set, graceful deletion of the object has - not been requested. Populated by the system when a graceful deletion - is requested. Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. Each - entry is an identifier for the responsible component that will remove - the entry from the list. If the deletionTimestamp of the object is - non-nil, entries in this list can only be removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to generate - a unique name ONLY IF the Name field has not been provided. If this - field is used, the name returned to the client will be different than - the name passed. This value will also be combined with a unique suffix. - The provided value has the same validation rules as the Name field, - and may be truncated by the length of the suffix required to make - the value unique on the server. If this field is specified and the - generated name exists, the server will NOT return a 409 - instead, - it will either return 201 Created or 500 with Reason ServerTimeout - indicating a unique name could not be found in the time allotted, - and the client should retry (optionally after the time indicated in - the Retry-After header). 
Applied only if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the desired - state. Populated by the system. Read-only. - type: int - labels: - description: - - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating - resources, although some resources may allow a client to request the - generation of an appropriate name automatically. Name is primarily - intended for creation idempotence and configuration definition. Cannot - be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. An empty - namespace is equivalent to the "default" namespace, but "default" - is the canonical representation. Not all objects are required to be - scoped to a namespace - the value of this field for those objects - will be empty. Must be a DNS_LABEL. Cannot be updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in the list - have been deleted, this object will be garbage collected. If this - object is managed by a controller, then an entry in this list will - point to this controller, with the controller field set to true. There - cannot be more than one managing controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. 
- type: str - resource_version: - description: - - An opaque value that represents the internal version of this object - that can be used by clients to determine when objects have changed. - May be used for optimistic concurrency, change detection, and the - watch operation on a resource or set of resources. Clients must treat - these values as opaque and passed unmodified back to the server. They - may only be valid for a particular resource or set of resources. Populated - by the system. Read-only. Value must be treated as opaque by clients - and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. - Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. It is typically - generated by the server on successful creation of a resource and is - not allowed to change on PUT operations. Populated by the system. - Read-only. - type: str - spec: - description: - - Spec is a structure defining the expected behavior of a job. - type: complex - contains: - active_deadline_seconds: - description: - - Optional duration in seconds relative to the startTime that the job - may be active before the system tries to terminate it; value must - be positive integer - type: int - auto_selector: - description: - - AutoSelector controls generation of pod labels and pod selectors. - It was not present in the original extensions/v1beta1 Job definition, - but exists to allow conversion from batch/v1 Jobs, where it corresponds - to, but has the opposite meaning as, ManualSelector. - type: bool - completions: - description: - - Completions specifies the desired number of successfully finished - pods the job should be run with. Setting to nil means that the success - of any pod signals the success of all pods, and allows parallelism - to have any positive value. Setting to 1 means that parallelism is - limited to 1 and the success of that pod signals the success of the - job. 
- type: int - parallelism: - description: - - Parallelism specifies the maximum desired number of pods the job should - run at any given time. The actual number of pods running in steady - state will be less than this number when ((.spec.completions - .status.successful) - < .spec.parallelism), i.e. when the work left to do is less than max - parallelism. - type: int - selector: - description: - - Selector is a label query over pods that should match the pod count. - Normally, the system sets this field for you. - type: complex - contains: - match_expressions: - description: - - matchExpressions is a list of label selector requirements. The - requirements are ANDed. - type: list - contains: - key: - description: - - key is the label key that the selector applies to. - type: str - operator: - description: - - operator represents a key's relationship to a set of values. - Valid operators ard In, NotIn, Exists and DoesNotExist. - type: str - values: - description: - - values is an array of string values. If the operator is In - or NotIn, the values array must be non-empty. If the operator - is Exists or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge patch. - type: list - contains: str - match_labels: - description: - - matchLabels is a map of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", and the values - array contains only "value". The requirements are ANDed. - type: complex - contains: str, str - template: - description: - - Template is the object that describes the pod that will be created - when executing a job. - type: complex - contains: - metadata: - description: - - Standard object's metadata. 
- type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a - resource that may be set by external tools to store and retrieve - arbitrary metadata. They are not queryable and should be preserved - when modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This - is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right - now and apiserver is going to ignore it if set in create or - update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set - in happens-before order across separate operations. Clients - may not set this value. It is represented in RFC3339 form - and is in UTC. Populated by the system. Read-only. Null for - lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate - before it will be removed from the system. Only set when deletionTimestamp - is also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this - resource will be deleted. This field is set by the server - when a graceful deletion is requested by the user, and is - not directly settable by a client. The resource is expected - to be deleted (no longer visible from resource lists, and - not reachable by name) after the time in this field. Once - set, this value may not be unset or be set further into the - future, although it may be shortened or the resource may be - deleted prior to this time. For example, a user may request - that a pod is deleted in 30 seconds. 
The Kubelet will react - by sending a graceful termination signal to the containers - in the pod. After that 30 seconds, the Kubelet will send a - hard termination signal (SIGKILL) to the container and after - cleanup, remove the pod from the API. In the presence of network - partitions, this object may still exist after this timestamp, - until an administrator or automated process can determine - the resource is fully terminated. If not set, graceful deletion - of the object has not been requested. Populated by the system - when a graceful deletion is requested. Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. - Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be - removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to - generate a unique name ONLY IF the Name field has not been - provided. If this field is used, the name returned to the - client will be different than the name passed. This value - will also be combined with a unique suffix. The provided value - has the same validation rules as the Name field, and may be - truncated by the length of the suffix required to make the - value unique on the server. If this field is specified and - the generated name exists, the server will NOT return a 409 - - instead, it will either return 201 Created or 500 with Reason - ServerTimeout indicating a unique name could not be found - in the time allotted, and the client should retry (optionally - after the time indicated in the Retry-After header). Applied - only if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the - desired state. Populated by the system. Read-only. 
- type: int - labels: - description: - - Map of string keys and values that can be used to organize - and categorize (scope and select) objects. May match selectors - of replication controllers and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating - resources, although some resources may allow a client to request - the generation of an appropriate name automatically. Name - is primarily intended for creation idempotence and configuration - definition. Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. - An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this - field for those objects will be empty. Must be a DNS_LABEL. - Cannot be updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in - the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in - this list will point to this controller, with the controller - field set to true. There cannot be more than one managing - controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this - object that can be used by clients to determine when objects - have changed. 
May be used for optimistic concurrency, change - detection, and the watch operation on a resource or set of - resources. Clients must treat these values as opaque and passed - unmodified back to the server. They may only be valid for - a particular resource or set of resources. Populated by the - system. Read-only. Value must be treated as opaque by clients - and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the - system. Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. - It is typically generated by the server on successful creation - of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. - type: str - spec: - description: - - Specification of the desired behavior of the pod. - type: complex - contains: - active_deadline_seconds: - description: - - Optional duration in seconds the pod may be active on the - node relative to StartTime before the system will actively - try to mark it failed and kill associated containers. Value - must be a positive integer. - type: int - containers: - description: - - List of containers belonging to the pod. Containers cannot - currently be added or removed. There must be at least one - container in a Pod. Cannot be updated. - type: list - contains: - args: - description: - - "Arguments to the entrypoint. The docker image's CMD is\ - \ used if this is not provided. Variable references $(VAR_NAME)\ - \ are expanded using the container's environment. If a\ - \ variable cannot be resolved, the reference in the input\ - \ string will be unchanged. The $(VAR_NAME) syntax can\ - \ be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ - \ references will never be expanded, regardless of whether\ - \ the variable exists or not. Cannot be updated." - type: list - contains: str - command: - description: - - "Entrypoint array. Not executed within a shell. 
The docker\ - \ image's ENTRYPOINT is used if this is not provided.\ - \ Variable references $(VAR_NAME) are expanded using the\ - \ container's environment. If a variable cannot be resolved,\ - \ the reference in the input string will be unchanged.\ - \ The $(VAR_NAME) syntax can be escaped with a double\ - \ $$, ie: $$(VAR_NAME). Escaped references will never\ - \ be expanded, regardless of whether the variable exists\ - \ or not. Cannot be updated." - type: list - contains: str - env: - description: - - List of environment variables to set in the container. - Cannot be updated. - type: list - contains: - name: - description: - - Name of the environment variable. Must be a C_IDENTIFIER. - type: str - value: - description: - - 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the - container and any service environment variables. If - a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to - "".' - type: str - value_from: - description: - - Source for the environment variable's value. Cannot - be used if value is not empty. - type: complex - contains: - config_map_key_ref: - description: - - Selects a key of a ConfigMap. - type: complex - contains: - key: - description: - - The key to select. - type: str - name: - description: - - Name of the referent. - type: str - field_ref: - description: - - 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' - type: complex - contains: - api_version: - description: - - Version of the schema the FieldPath is written - in terms of, defaults to "v1". 
- type: str - field_path: - description: - - Path of the field to select in the specified - API version. - type: str - resource_field_ref: - description: - - 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) are currently - supported.' - type: complex - contains: - container_name: - description: - - 'Container name: required for volumes, optional - for env vars' - type: str - divisor: - description: - - Specifies the output format of the exposed - resources, defaults to "1" - type: complex - contains: {} - resource: - description: - - 'Required: resource to select' - type: str - secret_key_ref: - description: - - Selects a key of a secret in the pod's namespace - type: complex - contains: - key: - description: - - The key of the secret to select from. Must - be a valid secret key. - type: str - name: - description: - - Name of the referent. - type: str - image: - description: - - Docker image name. - type: str - image_pull_policy: - description: - - Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. - type: str - lifecycle: - description: - - Actions that the management system should take in response - to container lifecycle events. Cannot be updated. - type: complex - contains: - post_start: - description: - - PostStart is called immediately after a container - is created. If the handler fails, the container is - terminated and restarted according to its restart - policy. Other management of the container blocks until - the hook completes. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. 
- type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run - inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you - need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - type: list - contains: str - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod - IP. You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP - allows repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the - container. Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. - Defaults to HTTP. - type: str - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the - container. Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} - pre_stop: - description: - - PreStop is called immediately before a container is - terminated. The container is terminated after the - handler completes. The reason for termination is passed - to the handler. Regardless of the outcome of the handler, - the container is eventually terminated. 
Other management - of the container blocks until the hook completes. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run - inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you - need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - type: list - contains: str - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod - IP. You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP - allows repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the - container. Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. - Defaults to HTTP. - type: str - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the - container. Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} - liveness_probe: - description: - - Periodic probe of container liveness. 
Container will be - restarted if the probe fails. Cannot be updated. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the command - is root ('/') in the container's filesystem. The - command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - type: list - contains: str - failure_threshold: - description: - - Minimum consecutive failures for the probe to be considered - failed after having succeeded. Defaults to 3. Minimum - value is 1. - type: int - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. - You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - initial_delay_seconds: - description: - - Number of seconds after the container has started - before liveness probes are initiated. - type: int - period_seconds: - description: - - How often (in seconds) to perform the probe. 
Default - to 10 seconds. Minimum value is 1. - type: int - success_threshold: - description: - - Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - type: int - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - timeout_seconds: - description: - - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - type: int - name: - description: - - Name of the container specified as a DNS_LABEL. Each container - in a pod must have a unique name (DNS_LABEL). Cannot be - updated. - type: str - ports: - description: - - List of ports to expose from the container. Exposing a - port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will - be accessible from the network. Cannot be updated. - type: list - contains: - container_port: - description: - - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - type: int - host_ip: - description: - - What host IP to bind the external port to. - type: str - host_port: - description: - - Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If - HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - type: int - name: - description: - - If specified, this must be an IANA_SVC_NAME and unique - within the pod. 
Each named port in a pod must have - a unique name. Name for the port that can be referred - to by services. - type: str - protocol: - description: - - Protocol for port. Must be UDP or TCP. Defaults to - "TCP". - type: str - readiness_probe: - description: - - Periodic probe of container service readiness. Container - will be removed from service endpoints if the probe fails. - Cannot be updated. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the command - is root ('/') in the container's filesystem. The - command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - type: list - contains: str - failure_threshold: - description: - - Minimum consecutive failures for the probe to be considered - failed after having succeeded. Defaults to 3. Minimum - value is 1. - type: int - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. - You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. 
- type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - initial_delay_seconds: - description: - - Number of seconds after the container has started - before liveness probes are initiated. - type: int - period_seconds: - description: - - How often (in seconds) to perform the probe. Default - to 10 seconds. Minimum value is 1. - type: int - success_threshold: - description: - - Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - type: int - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - timeout_seconds: - description: - - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - type: int - resources: - description: - - Compute Resources required by this container. Cannot be - updated. - type: complex - contains: - limits: - description: - - Limits describes the maximum amount of compute resources - allowed. - type: complex - contains: str, ResourceQuantity - requests: - description: - - Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. - type: complex - contains: str, ResourceQuantity - security_context: - description: - - Security options the pod should run with. - type: complex - contains: - capabilities: - description: - - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted - by the container runtime. 
- type: complex - contains: - add: - description: - - Added capabilities - type: list - contains: str - drop: - description: - - Removed capabilities - type: list - contains: str - privileged: - description: - - Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the - host. Defaults to false. - type: bool - read_only_root_filesystem: - description: - - Whether this container has a read-only root filesystem. - Default is false. - type: bool - run_as_non_root: - description: - - Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image - at runtime to ensure that it does not run as UID 0 - (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: bool - run_as_user: - description: - - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: int - se_linux_options: - description: - - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate - a random SELinux context for each container. May also - be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: complex - contains: - level: - description: - - Level is SELinux level label that applies to the - container. - type: str - role: - description: - - Role is a SELinux role label that applies to the - container. - type: str - type: - description: - - Type is a SELinux type label that applies to the - container. 
- type: str - user: - description: - - User is a SELinux user label that applies to the - container. - type: str - stdin: - description: - - Whether this container should allocate a buffer for stdin - in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default - is false. - type: bool - stdin_once: - description: - - Whether the container runtime should close the stdin channel - after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple - attach sessions. If stdinOnce is set to true, stdin is - opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If - this flag is false, a container processes that reads from - stdin will never receive an EOF. Default is false - type: bool - termination_message_path: - description: - - "Optional: Path at which the file to which the container's\ - \ termination message will be written is mounted into\ - \ the container's filesystem. Message written is intended\ - \ to be brief final status, such as an assertion failure\ - \ message. Defaults to /dev/termination-log. Cannot be\ - \ updated." - type: str - tty: - description: - - Whether this container should allocate a TTY for itself, - also requires 'stdin' to be true. Default is false. - type: bool - volume_mounts: - description: - - Pod volumes to mount into the container's filesystem. - Cannot be updated. - type: list - contains: - mount_path: - description: - - Path within the container at which the volume should - be mounted. Must not contain ':'. - type: str - name: - description: - - This must match the Name of a Volume. - type: str - read_only: - description: - - Mounted read-only if true, read-write otherwise (false - or unspecified). Defaults to false. 
- type: bool - sub_path: - description: - - Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's - root). - type: str - working_dir: - description: - - Container's working directory. If not specified, the container - runtime's default will be used, which might be configured - in the container image. Cannot be updated. - type: str - dns_policy: - description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". - type: str - host_ipc: - description: - - "Use the host's ipc namespace. Optional: Default to false." - type: bool - host_network: - description: - - Host networking requested for this pod. Use the host's network - namespace. If this option is set, the ports that will be used - must be specified. Default to false. - type: bool - host_pid: - description: - - "Use the host's pid namespace. Optional: Default to false." - type: bool - hostname: - description: - - Specifies the hostname of the Pod If not specified, the pod's - hostname will be set to a system-defined value. - type: str - image_pull_secrets: - description: - - ImagePullSecrets is an optional list of references to secrets - in the same namespace to use for pulling any of the images - used by this PodSpec. If specified, these secrets will be - passed to individual puller implementations for them to use. - For example, in the case of docker, only DockerConfig type - secrets are honored. - type: list - contains: - name: - description: - - Name of the referent. - type: str - node_name: - description: - - NodeName is a request to schedule this pod onto a specific - node. If it is non-empty, the scheduler simply schedules this - pod onto that node, assuming that it fits resource requirements. - type: str - node_selector: - description: - - NodeSelector is a selector which must be true for the pod - to fit on a node. 
Selector which must match a node's labels - for the pod to be scheduled on that node. - type: complex - contains: str, str - restart_policy: - description: - - Restart policy for all containers within the pod. One of Always, - OnFailure, Never. Default to Always. - type: str - security_context: - description: - - 'SecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type - description for default values of each field.' - type: complex - contains: - fs_group: - description: - - "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change\ - \ the ownership of that volume to be owned by the pod:\ - \ 1. The owning GID will be the FSGroup 2. The setgid\ - \ bit is set (new files created in the volume will be\ - \ owned by FSGroup) 3. The permission bits are OR'd with\ - \ rw-rw---- If unset, the Kubelet will not modify the\ - \ ownership and permissions of any volume." - type: int - run_as_non_root: - description: - - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, - no such validation will be performed. May also be set - in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: bool - run_as_user: - description: - - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - type: int - se_linux_options: - description: - - The SELinux context to be applied to all containers. 
If - unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence - for that container. - type: complex - contains: - level: - description: - - Level is SELinux level label that applies to the container. - type: str - role: - description: - - Role is a SELinux role label that applies to the container. - type: str - type: - description: - - Type is a SELinux type label that applies to the container. - type: str - user: - description: - - User is a SELinux user label that applies to the container. - type: str - supplemental_groups: - description: - - A list of groups applied to the first process run in each - container, in addition to the container's primary GID. - If unspecified, no groups will be added to any container. - type: list - contains: int - service_account: - description: - - 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. - Deprecated: Use serviceAccountName instead.' - type: str - service_account_name: - description: - - ServiceAccountName is the name of the ServiceAccount to use - to run this pod. - type: str - subdomain: - description: - - If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod - will not have a domainname at all. - type: str - termination_grace_period_seconds: - description: - - Optional duration in seconds the pod needs to terminate gracefully. - May be decreased in delete request. Value must be non-negative - integer. The value zero indicates delete immediately. If this - value is nil, the default grace period will be used instead. - The grace period is the duration in seconds after the processes - running in the pod are sent a termination signal and the time - when the processes are forcibly halted with a kill signal. 
- Set this value longer than the expected cleanup time for your - process. Defaults to 30 seconds. - type: int - volumes: - description: - - List of volumes that can be mounted by containers belonging - to the pod. - type: list - contains: - aws_elastic_block_store: - description: - - AWSElasticBlockStore represents an AWS Disk resource that - is attached to a kubelet's host machine and then exposed - to the pod. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified.' - type: str - partition: - description: - - 'The partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for /dev/sda - is "0" (or you can leave the property empty).' - type: int - read_only: - description: - - Specify "true" to force and set the ReadOnly property - in VolumeMounts to "true". If omitted, the default - is "false". - type: bool - volume_id: - description: - - Unique ID of the persistent disk resource in AWS (Amazon - EBS volume). - type: str - azure_disk: - description: - - AzureDisk represents an Azure Data Disk mount on the host - and bind mount to the pod. - type: complex - contains: - caching_mode: - description: - - 'Host Caching mode: None, Read Only, Read Write.' - type: str - disk_name: - description: - - The Name of the data disk in the blob storage - type: str - disk_uri: - description: - - The URI the data disk in the blob storage - type: str - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. 
- type: str - read_only: - description: - - Defaults to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - type: bool - azure_file: - description: - - AzureFile represents an Azure File Service mount on the - host and bind mount to the pod. - type: complex - contains: - read_only: - description: - - Defaults to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - type: bool - secret_name: - description: - - the name of secret that contains Azure Storage Account - Name and Key - type: str - share_name: - description: - - Share Name - type: str - cephfs: - description: - - CephFS represents a Ceph FS mount on the host that shares - a pod's lifetime - type: complex - contains: - monitors: - description: - - 'Required: Monitors is a collection of Ceph monitors' - type: list - contains: str - path: - description: - - 'Optional: Used as the mounted root, rather than the - full Ceph tree, default is /' - type: str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: bool - secret_file: - description: - - 'Optional: SecretFile is the path to key ring for - User, default is /etc/ceph/user.secret' - type: str - secret_ref: - description: - - 'Optional: SecretRef is reference to the authentication - secret for User, default is empty.' - type: complex - contains: - name: - description: - - Name of the referent. - type: str - user: - description: - - 'Optional: User is the rados user name, default is - admin' - type: str - cinder: - description: - - Cinder represents a cinder volume attached and mounted - on kubelets host machine - type: complex - contains: - fs_type: - description: - - 'Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified.' 
- type: str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: bool - volume_id: - description: - - volume id used to identify the volume in cinder - type: str - config_map: - description: - - ConfigMap represents a configMap that should populate - this volume - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. - Must be a value between 0 and 0777. Defaults to 0644. - Directories within the path are not affected by this - setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - type: int - items: - description: - - If unspecified, each key-value pair in the Data field - of the referenced ConfigMap will be projected into - the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys - will not be present. If a key is specified which is - not present in the ConfigMap, the volume setup will - error. Paths must be relative and may not contain - the '..' path or start with '..'. - type: list - contains: - key: - description: - - The key to project. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result can - be other mode bits set.' - type: int - path: - description: - - The relative path of the file to map the key to. - May not be an absolute path. May not contain the - path element '..'. May not start with the string - '..'. - type: str - name: - description: - - Name of the referent. 
- type: str - downward_api: - description: - - DownwardAPI represents downward API about the pod that - should populate this volume - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. - Must be a value between 0 and 0777. Defaults to 0644. - Directories within the path are not affected by this - setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - type: int - items: - description: - - Items is a list of downward API volume file - type: list - contains: - field_ref: - description: - - 'Required: Selects a field of the pod: only annotations, - labels, name and namespace are supported.' - type: complex - contains: - api_version: - description: - - Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: str - field_path: - description: - - Path of the field to select in the specified - API version. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result can - be other mode bits set.' - type: int - path: - description: - - "Required: Path is the relative path name of the\ - \ file to be created. Must not be absolute or\ - \ contain the '..' path. Must be utf-8 encoded.\ - \ The first item of the relative path must not\ - \ start with '..'" - type: str - resource_field_ref: - description: - - 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) are currently - supported.' 
- type: complex - contains: - container_name: - description: - - 'Container name: required for volumes, optional - for env vars' - type: str - divisor: - description: - - Specifies the output format of the exposed - resources, defaults to "1" - type: complex - contains: {} - resource: - description: - - 'Required: resource to select' - type: str - empty_dir: - description: - - EmptyDir represents a temporary directory that shares - a pod's lifetime. - type: complex - contains: - medium: - description: - - What type of storage medium should back this directory. - The default is "" which means to use the node's default - medium. Must be an empty string (default) or Memory. - type: str - fc: - description: - - FC represents a Fibre Channel resource that is attached - to a kubelet's host machine and then exposed to the pod. - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: str - lun: - description: - - 'Required: FC target lun number' - type: int - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: bool - target_ww_ns: - description: - - 'Required: FC target worldwide names (WWNs)' - type: list - contains: str - flex_volume: - description: - - FlexVolume represents a generic volume resource that is - provisioned/attached using an exec based plugin. This - is an alpha feature and may change in future. - type: complex - contains: - driver: - description: - - Driver is the name of the driver to use for this volume. - type: str - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. 
- type: str - options: - description: - - 'Optional: Extra command options if any.' - type: complex - contains: str, str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: bool - secret_ref: - description: - - 'Optional: SecretRef is reference to the secret object - containing sensitive information to pass to the plugin - scripts. This may be empty if no secret object is - specified. If the secret object contains more than - one secret, all secrets are passed to the plugin scripts.' - type: complex - contains: - name: - description: - - Name of the referent. - type: str - flocker: - description: - - Flocker represents a Flocker volume attached to a kubelet's - host machine. This depends on the Flocker control service - being running - type: complex - contains: - dataset_name: - description: - - Name of the dataset stored as metadata -> name on - the dataset for Flocker should be considered as deprecated - type: str - dataset_uuid: - description: - - UUID of the dataset. This is unique identifier of - a Flocker dataset - type: str - gce_persistent_disk: - description: - - GCEPersistentDisk represents a GCE Disk resource that - is attached to a kubelet's host machine and then exposed - to the pod. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified.' - type: str - partition: - description: - - 'The partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for /dev/sda - is "0" (or you can leave the property empty).' - type: int - pd_name: - description: - - Unique name of the PD resource in GCE. 
Used to identify - the disk in GCE. - type: str - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - git_repo: - description: - - GitRepo represents a git repository at a particular revision. - type: complex - contains: - directory: - description: - - Target directory name. Must not contain or start with - '..'. If '.' is supplied, the volume directory will - be the git repository. Otherwise, if specified, the - volume will contain the git repository in the subdirectory - with the given name. - type: str - repository: - description: - - Repository URL - type: str - revision: - description: - - Commit hash for the specified revision. - type: str - glusterfs: - description: - - Glusterfs represents a Glusterfs mount on the host that - shares a pod's lifetime. - type: complex - contains: - endpoints: - description: - - EndpointsName is the endpoint name that details Glusterfs - topology. - type: str - path: - description: - - Path is the Glusterfs volume path. - type: str - read_only: - description: - - ReadOnly here will force the Glusterfs volume to be - mounted with read-only permissions. Defaults to false. - type: bool - host_path: - description: - - HostPath represents a pre-existing file or directory on - the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most - containers will NOT need this. - type: complex - contains: - path: - description: - - Path of the directory on the host. - type: str - iscsi: - description: - - ISCSI represents an ISCSI Disk resource that is attached - to a kubelet's host machine and then exposed to the pod. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". 
Implicitly inferred to be "ext4" if unspecified.' - type: str - iqn: - description: - - Target iSCSI Qualified Name. - type: str - iscsi_interface: - description: - - "Optional: Defaults to 'default' (tcp). iSCSI interface\ - \ name that uses an iSCSI transport." - type: str - lun: - description: - - iSCSI target lun number. - type: int - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - target_portal: - description: - - iSCSI target portal. The portal is either an IP or - ip_addr:port if the port is other than default (typically - TCP ports 860 and 3260). - type: str - name: - description: - - Volume's name. Must be a DNS_LABEL and unique within the - pod. - type: str - nfs: - description: - - NFS represents an NFS mount on the host that shares a - pod's lifetime - type: complex - contains: - path: - description: - - Path that is exported by the NFS server. - type: str - read_only: - description: - - ReadOnly here will force the NFS export to be mounted - with read-only permissions. Defaults to false. - type: bool - server: - description: - - Server is the hostname or IP address of the NFS server. - type: str - persistent_volume_claim: - description: - - PersistentVolumeClaimVolumeSource represents a reference - to a PersistentVolumeClaim in the same namespace. - type: complex - contains: - claim_name: - description: - - ClaimName is the name of a PersistentVolumeClaim in - the same namespace as the pod using this volume. - type: str - read_only: - description: - - Will force the ReadOnly setting in VolumeMounts. Default - false. - type: bool - photon_persistent_disk: - description: - - PhotonPersistentDisk represents a PhotonController persistent - disk attached and mounted on kubelets host machine - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". 
Implicitly inferred to be "ext4" if - unspecified. - type: str - pd_id: - description: - - ID that identifies Photon Controller persistent disk - type: str - quobyte: - description: - - Quobyte represents a Quobyte mount on the host that shares - a pod's lifetime - type: complex - contains: - group: - description: - - Group to map volume access to Default is no group - type: str - read_only: - description: - - ReadOnly here will force the Quobyte volume to be - mounted with read-only permissions. Defaults to false. - type: bool - registry: - description: - - Registry represents a single or multiple Quobyte Registry - services specified as a string as host:port pair (multiple - entries are separated with commas) which acts as the - central registry for volumes - type: str - user: - description: - - User to map volume access to Defaults to serivceaccount - user - type: str - volume: - description: - - Volume is a string that references an already created - Quobyte volume by name. - type: str - rbd: - description: - - RBD represents a Rados Block Device mount on the host - that shares a pod's lifetime. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified.' - type: str - image: - description: - - The rados image name. - type: str - keyring: - description: - - Keyring is the path to key ring for RBDUser. Default - is /etc/ceph/keyring. - type: str - monitors: - description: - - A collection of Ceph monitors. - type: list - contains: str - pool: - description: - - The rados pool name. Default is rbd. - type: str - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - secret_ref: - description: - - SecretRef is name of the authentication secret for - RBDUser. 
If provided overrides keyring. Default is - nil. - type: complex - contains: - name: - description: - - Name of the referent. - type: str - user: - description: - - The rados user name. Default is admin. - type: str - secret: - description: - - Secret represents a secret that should populate this volume. - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. - Must be a value between 0 and 0777. Defaults to 0644. - Directories within the path are not affected by this - setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - type: int - items: - description: - - If unspecified, each key-value pair in the Data field - of the referenced Secret will be projected into the - volume as a file whose name is the key and content - is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys - will not be present. If a key is specified which is - not present in the Secret, the volume setup will error. - Paths must be relative and may not contain the '..' - path or start with '..'. - type: list - contains: - key: - description: - - The key to project. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result can - be other mode bits set.' - type: int - path: - description: - - The relative path of the file to map the key to. - May not be an absolute path. May not contain the - path element '..'. May not start with the string - '..'. - type: str - secret_name: - description: - - Name of the secret in the pod's namespace to use. 
- type: str - vsphere_volume: - description: - - VsphereVolume represents a vSphere volume attached and - mounted on kubelets host machine - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: str - volume_path: - description: - - Path that identifies vSphere volume vmdk - type: str - status: - description: - - Status is a structure describing current status of a job. - type: complex - contains: - active: - description: - - Active is the number of actively running pods. - type: int - completion_time: - description: - - CompletionTime represents time when the job was completed. It is not - guaranteed to be set in happens-before order across separate operations. - It is represented in RFC3339 form and is in UTC. - type: complex - contains: {} - conditions: - description: - - Conditions represent the latest available observations of an object's - current state. - type: list - contains: - last_probe_time: - description: - - Last time the condition was checked. - type: complex - contains: {} - last_transition_time: - description: - - Last time the condition transit from one status to another. - type: complex - contains: {} - message: - description: - - Human readable message indicating details about last transition. - type: str - reason: - description: - - (brief) reason for the condition's last transition. - type: str - status: - description: - - Status of the condition, one of True, False, Unknown. - type: str - type: - description: - - Type of job condition, Complete or Failed. - type: str - failed: - description: - - Failed is the number of pods which reached Phase Failed. - type: int - start_time: - description: - - StartTime represents time when the job was acknowledged by the Job - Manager. It is not guaranteed to be set in happens-before order across - separate operations. 
It is represented in RFC3339 form and is in UTC. - type: complex - contains: {} - succeeded: - description: - - Succeeded is the number of pods which reached Phase Succeeded. - type: int - kind: - description: - - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. - type: str - metadata: - description: - - Standard list metadata - type: complex - contains: - resource_version: - description: - - String that identifies the server's internal version of this object that - can be used by clients to determine when objects have changed. Value must - be treated as opaque by clients and passed unmodified back to the server. - Populated by the system. Read-only. - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. Read-only. - type: str -''' - - -def main(): - try: - module = KubernetesAnsibleModule('job_list', 'V1beta1') - except KubernetesAnsibleException as exc: - # The helper failed to init, so there is no module object. All we can do is raise the error. - raise Exception(exc.message) - - try: - module.execute_module() - except KubernetesAnsibleException as exc: - module.fail_json(msg="Module failed!", error=str(exc)) - - -if __name__ == '__main__': - main() diff --git a/library/k8s_v1beta1_local_subject_access_review.py b/library/k8s_v1beta1_local_subject_access_review.py index 47f79404..ebeb6ebb 100644 --- a/library/k8s_v1beta1_local_subject_access_review.py +++ b/library/k8s_v1beta1_local_subject_access_review.py @@ -153,7 +153,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
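Review bot: The requirement in the `@@ -153,7 +153,7 @@` hunk moves from `kubernetes == 1.0.0` to `kubernetes == 3.0.0` as an exact pin, and nothing in the module documentation tells users what the jump means for them. An exact-equality requirement forces every control host onto that one client release and, as documented, rules out any later client release that carries fixes. If the module works with a range of client versions, state a bounded range here; otherwise add a short upgrade note next to the requirement.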
@@ -259,6 +259,150 @@ local_subject_access_review: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -294,6 +438,14 @@ local_subject_access_review: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1beta1_network_policy.py b/library/k8s_v1beta1_network_policy.py index 2f951298..30860769 100644 --- a/library/k8s_v1beta1_network_policy.py +++ b/library/k8s_v1beta1_network_policy.py 
@@ -79,13 +79,11 @@ options: spec_ingress: description: - List of ingress rules to be applied to the selected pods. Traffic is allowed - to a pod if namespace.networkPolicy.ingress.isolation is undefined and cluster - policy allows it, OR if the traffic source is the pod's local node, OR if the - traffic matches at least one ingress rule across all of the NetworkPolicy objects - whose podSelector matches the pod. If this field is empty then this NetworkPolicy - does not affect ingress isolation. If this field is present and contains at - least one rule, this policy allows any traffic which matches at least one of - the ingress rules in this list. + to a pod if there are no NetworkPolicies selecting the pod OR if the traffic + source is the pod's local node, OR if the traffic matches at least one ingress + rule across all of the NetworkPolicy objects whose podSelector matches the pod. + If this field is empty then this NetworkPolicy does not allow any traffic (and + serves solely to ensure that the pods it selects are isolated by default). aliases: - ingress type: list @@ -136,7 +134,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -243,6 +241,150 @@ network_policy: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -278,6 +420,14 @@ network_policy: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -322,23 +472,21 @@ network_policy: ingress: description: - List of ingress rules to be applied to the selected pods. Traffic is allowed - to a pod if namespace.networkPolicy.ingress.isolation is undefined and - cluster policy allows it, OR if the traffic source is the pod's local - node, OR if the traffic matches at least one ingress rule across all of - the NetworkPolicy objects whose podSelector matches the pod. If this field - is empty then this NetworkPolicy does not affect ingress isolation. If - this field is present and contains at least one rule, this policy allows - any traffic which matches at least one of the ingress rules in this list. + to a pod if there are no NetworkPolicies selecting the pod OR if the traffic + source is the pod's local node, OR if the traffic matches at least one + ingress rule across all of the NetworkPolicy objects whose podSelector + matches the pod. If this field is empty then this NetworkPolicy does not + allow any traffic (and serves solely to ensure that the pods it selects + are isolated by default). type: list contains: _from: description: - List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. - If this field is not provided, this rule matches all sources (traffic - not restricted by source). If this field is empty, this rule matches - no sources (no traffic matches). If this field is present and contains - at least on item, this rule allows traffic only if the traffic matches + If this field is empty or missing, this rule matches all sources (traffic + not restricted by source). If this field is present and contains at + least on item, this rule allows traffic only if the traffic matches at least one item in the from list. type: list contains: 
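Review bot: The rewritten `_from` description reverses what an empty list means, and the docs carry no compatibility warning. The removed text said an empty field "matches no sources (no traffic matches)"; the added text says "If this field is empty or missing, this rule matches all sources". A playbook written against the old wording that passes an empty list to block traffic now describes an allow-all rule, so this needs an explicit note in the option docs or the changelog. The `ingress` description in the same hunk moves the other way (an empty field now "does not allow any traffic"), and the two changes should be called out together. The added `_from` text also keeps the typo "at least on item", which should read "at least one item".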
@@ -346,9 +494,8 @@ network_policy: description: - Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field - follows standard label selector semantics. If omitted, this selector - selects no namespaces. If present but empty, this selector selects - all namespaces. + follows standard label selector semantics. If present but empty, + this selector selects all namespaces. type: complex contains: match_expressions: @@ -386,9 +533,8 @@ network_policy: pod_selector: description: - This is a label selector which selects Pods in this namespace. - This field follows standard label selector semantics. If not provided, - this selector selects no pods. If present but empty, this selector - selects all pods in this namespace. + This field follows standard label selector semantics. If present + but empty, this selector selects all pods in this namespace. type: complex contains: match_expressions: @@ -427,9 +573,8 @@ network_policy: description: - List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical - OR. If this field is not provided, this rule matches all ports (traffic - not restricted by port). If this field is empty, this rule matches - no ports (no traffic matches). If this field is present and contains + OR. If this field is empty or missing, this rule matches all ports + (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list. type: list @@ -440,8 +585,7 @@ network_policy: be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched. - type: complex - contains: {} + type: str protocol: description: - Optional. The protocol (TCP or UDP) which traffic must match. 
diff --git a/library/k8s_v1beta1_network_policy_list.py b/library/k8s_v1beta1_network_policy_list.py index bdaf8ee2..12997c13 100644 --- a/library/k8s_v1beta1_network_policy_list.py +++ b/library/k8s_v1beta1_network_policy_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -210,6 +206,153 @@ network_policy_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ network_policy_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -293,35 +444,30 @@ network_policy_list: ingress: description: - List of ingress rules to be applied to the selected pods. Traffic - is allowed to a pod if namespace.networkPolicy.ingress.isolation is - undefined and cluster policy allows it, OR if the traffic source is - the pod's local node, OR if the traffic matches at least one ingress - rule across all of the NetworkPolicy objects whose podSelector matches - the pod. If this field is empty then this NetworkPolicy does not affect - ingress isolation. If this field is present and contains at least - one rule, this policy allows any traffic which matches at least one - of the ingress rules in this list. + is allowed to a pod if there are no NetworkPolicies selecting the + pod OR if the traffic source is the pod's local node, OR if the traffic + matches at least one ingress rule across all of the NetworkPolicy + objects whose podSelector matches the pod. If this field is empty + then this NetworkPolicy does not allow any traffic (and serves solely + to ensure that the pods it selects are isolated by default). type: list contains: _from: description: - List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical - OR operation. If this field is not provided, this rule matches + OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field - is empty, this rule matches no sources (no traffic matches). If - this field is present and contains at least on item, this rule - allows traffic only if the traffic matches at least one item in - the from list. + is present and contains at least on item, this rule allows traffic + only if the traffic matches at least one item in the from list. type: list contains: namespace_selector: description: - Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. 
- This field follows standard label selector semantics. If omitted, - this selector selects no namespaces. If present but empty, - this selector selects all namespaces. + This field follows standard label selector semantics. If present + but empty, this selector selects all namespaces. type: complex contains: match_expressions: @@ -361,9 +507,8 @@ network_policy_list: pod_selector: description: - This is a label selector which selects Pods in this namespace. - This field follows standard label selector semantics. If not - provided, this selector selects no pods. If present but empty, - this selector selects all pods in this namespace. + This field follows standard label selector semantics. If present + but empty, this selector selects all pods in this namespace. type: complex contains: match_expressions: @@ -404,11 +549,10 @@ network_policy_list: description: - List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical - OR. If this field is not provided, this rule matches all ports - (traffic not restricted by port). If this field is empty, this - rule matches no ports (no traffic matches). If this field is present - and contains at least one item, then this rule allows traffic - only if the traffic matches at least one port in the list. + OR. If this field is empty or missing, this rule matches all ports + (traffic not restricted by port). If this field is present and + contains at least one item, then this rule allows traffic only + if the traffic matches at least one port in the list. type: list contains: port: @@ -417,8 +561,7 @@ network_policy_list: be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched. - type: complex - contains: {} + type: str protocol: description: - Optional. The protocol (TCP or UDP) which traffic must match. 
diff --git a/library/k8s_v1beta1_pod_disruption_budget.py b/library/k8s_v1beta1_pod_disruption_budget.py index c0d6eff8..088708da 100644 --- a/library/k8s_v1beta1_pod_disruption_budget.py +++ b/library/k8s_v1beta1_pod_disruption_budget.py @@ -76,6 +76,14 @@ options: - Provide the YAML definition for the object, bypassing any modules parameters intended to define object attributes. type: dict + spec_max_unavailable: + description: + - An eviction is allowed if at most "maxUnavailable" pods selected by "selector" + are unavailable after the eviction, i.e. even in absence of the evicted pod. + For example, one can prevent all voluntary evictions by specifying 0. This is + a mutually exclusive setting with "minAvailable". + aliases: + - max_unavailable spec_min_available: description: - An eviction is allowed if at least "minAvailable" pods selected by "selector" @@ -131,7 +139,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -237,6 +245,150 @@ pod_disruption_budget: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -272,6 +424,14 @@ pod_disruption_budget: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -313,14 +473,20 @@ pod_disruption_budget: - Specification of the desired behavior of the PodDisruptionBudget. type: complex contains: + max_unavailable: + description: + - An eviction is allowed if at most "maxUnavailable" pods selected by "selector" + are unavailable after the eviction, i.e. even in absence of the evicted + pod. For example, one can prevent all voluntary evictions by specifying + 0. This is a mutually exclusive setting with "minAvailable". + type: str min_available: description: - An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%". - type: complex - contains: {} + type: str selector: description: - Label query over pods whose evictions are managed by the disruption budget. @@ -385,7 +551,7 @@ pod_disruption_budget: of the time. Large number of entries in the map may indicate problems with pod deletions. type: complex - contains: str, UnversionedTime + contains: str, datetime disruptions_allowed: description: - Number of pod disruptions that are currently allowed. diff --git a/library/k8s_v1beta1_pod_disruption_budget_list.py b/library/k8s_v1beta1_pod_disruption_budget_list.py index 2b96b2c4..468bcd3c 100644 --- a/library/k8s_v1beta1_pod_disruption_budget_list.py +++ b/library/k8s_v1beta1_pod_disruption_budget_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). 
@@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -208,6 +204,153 @@ pod_disruption_budget_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -244,6 +387,14 @@ pod_disruption_budget_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -288,14 +439,20 @@ pod_disruption_budget_list: - Specification of the desired behavior of the PodDisruptionBudget. type: complex contains: + max_unavailable: + description: + - An eviction is allowed if at most "maxUnavailable" pods selected by + "selector" are unavailable after the eviction, i.e. even in absence + of the evicted pod. For example, one can prevent all voluntary evictions + by specifying 0. This is a mutually exclusive setting with "minAvailable". + type: str min_available: description: - An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%". - type: complex - contains: {} + type: str selector: description: - Label query over pods whose evictions are managed by the disruption @@ -361,7 +518,7 @@ pod_disruption_budget_list: be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions. type: complex - contains: str, UnversionedTime + contains: str, datetime disruptions_allowed: description: - Number of pod disruptions that are currently allowed. diff --git a/library/openshift_v1beta1_pod_security_policy.py b/library/k8s_v1beta1_pod_security_policy.py similarity index 71% rename from library/openshift_v1beta1_pod_security_policy.py rename to library/k8s_v1beta1_pod_security_policy.py index a4c29842..72a31a87 100644 --- a/library/openshift_v1beta1_pod_security_policy.py +++ b/library/k8s_v1beta1_pod_security_policy.py 
@@ -1,10 +1,10 @@ #!/usr/bin/env python -from ansible.module_utils.openshift_common import OpenShiftAnsibleModule, OpenShiftAnsibleException +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException DOCUMENTATION = ''' -module: openshift_v1beta1_pod_security_policy -short_description: OpenShift PodSecurityPolicy +module: k8s_v1beta1_pod_security_policy +short_description: Kubernetes PodSecurityPolicy description: - Manage the lifecycle of a pod_security_policy object. Supports check mode, and attempts to to be idempotent. @@ -71,6 +71,11 @@ options: password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict spec_allowed_capabilities: description: - AllowedCapabilities is a list of capabilities that can be requested to add to 
@@ -205,10 +210,29 @@ options: aliases: - volumes type: list + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). + type: path ssl_ca_cert: description: - Path to a CA certificate used to authenticate with the API. type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent username: description: - Provide a username for connecting to the API. @@ -217,7 +241,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- kubernetes == 3.0.0 ''' EXAMPLES = ''' @@ -229,7 +253,7 @@ api_version: description: Requested API version pod_security_policy: type: complex - returned: on success + returned: when I(state) = C(present) contains: api_version: description: 
@@ -324,6 +348,150 @@ pod_security_policy: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -359,6 +527,14 @@ pod_security_policy: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -580,14 +756,14 @@ pod_security_policy: def main(): try: - module = OpenShiftAnsibleModule('pod_security_policy', 'V1beta1') - except OpenShiftAnsibleException as exc: + module = KubernetesAnsibleModule('pod_security_policy', 'V1beta1') + except KubernetesAnsibleException as exc: # The helper failed to init, so there is no module object. All we can do is raise the error. raise Exception(exc.message) try: module.execute_module() - except OpenShiftAnsibleException as exc: + except KubernetesAnsibleException as exc: module.fail_json(msg="Module failed!", error=str(exc)) diff --git a/library/openshift_v1beta1_pod_security_policy_list.py b/library/k8s_v1beta1_pod_security_policy_list.py similarity index 66% rename from library/openshift_v1beta1_pod_security_policy_list.py rename to library/k8s_v1beta1_pod_security_policy_list.py index c1617bcc..b51004da 100644 --- a/library/openshift_v1beta1_pod_security_policy_list.py +++ b/library/k8s_v1beta1_pod_security_policy_list.py @@ -1,10 +1,10 @@ #!/usr/bin/env python -from ansible.module_utils.openshift_common import OpenShiftAnsibleModule, OpenShiftAnsibleException +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException DOCUMENTATION = ''' -module: openshift_v1beta1_pod_security_policy_list -short_description: OpenShift PodSecurityPolicyList +module: k8s_v1beta1_pod_security_policy_list +short_description: Kubernetes PodSecurityPolicyList description: - Retrieve a list of pod_security_policys. List operations provide a snapshot read of the underlying objects, returning a resource_version representing a consistent 
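Review bot: in the `main()` hunk for the pod_security_policy module, the init failure path still ends in `raise Exception(exc.message)`, which the rename leaves untouched. Built-in exceptions have no `.message` attribute on Python 3, so unless `KubernetesAnsibleException` defines one, this handler raises `AttributeError` and hides the real cause; it also discards the exception type. The second handler already uses `str(exc)`, so use the same here or let the original exception propagate.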
@@ -46,17 +46,37 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). + type: path ssl_ca_cert: description: - Path to a CA certificate used to authenticate with the API. type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent username: description: - Provide a username for connecting to the API. @@ -65,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
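Review bot: the requirement now names `kubernetes == 3.0.0`, but the option text left as context in this file's first hunk still says "the openshift client will attempt to load the default configuration file from I(~/.kube/config.json)". Update that sentence to name the client the module actually requires, so the docs do not send users to install or debug the wrong package.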
@@ -77,7 +97,7 @@ api_version: description: Requested API version pod_security_policy_list: type: complex - returned: on success + returned: when I(state) = C(present) contains: api_version: description: 
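Review bot: `returned: when I(state) = C(present)` is attached to `pod_security_policy_list`, a module whose own description is "Retrieve a list of pod_security_policys". Together with the `state`, `src` and `resource_definition` options added to this file, the docs now say a list module can create, patch or delete objects. If the list module only reads, drop those options and keep `returned: on success`; if it really accepts `state: absent`, the description needs to say what is deleted.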
@@ -186,6 +206,153 @@ pod_security_policy_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -222,6 +389,14 @@ pod_security_policy_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -470,14 +645,14 @@ pod_security_policy_list: def main(): try: - module = OpenShiftAnsibleModule('pod_security_policy_list', 'V1beta1') - except OpenShiftAnsibleException as exc: + module = KubernetesAnsibleModule('pod_security_policy_list', 'V1beta1') + except KubernetesAnsibleException as exc: # The helper failed to init, so there is no module object. All we can do is raise the error. raise Exception(exc.message) try: module.execute_module() - except OpenShiftAnsibleException as exc: + except KubernetesAnsibleException as exc: module.fail_json(msg="Module failed!", error=str(exc)) diff --git a/library/k8s_v1beta1_replica_set.py b/library/k8s_v1beta1_replica_set.py index fa9c95d5..8050d600 100644 --- a/library/k8s_v1beta1_replica_set.py +++ b/library/k8s_v1beta1_replica_set.py 
@@ -138,6 +138,98 @@ options: aliases: - active_deadline_seconds type: int + spec_template_spec_affinity_node_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_node_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms: + description: + - Required. A list of node selector terms. The terms are ORed. + aliases: + - affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms + type: list + spec_template_spec_affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. 
+ aliases: + - affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' + aliases: + - affinity_pod_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the anti-affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' 
+ aliases: + - affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account token should + be automatically mounted. + aliases: + - automount_service_account_token + type: bool spec_template_spec_containers: description: - List of containers belonging to the pod. Containers cannot currently be added @@ -147,10 +239,18 @@ options: type: list spec_template_spec_dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' or 'Default'. - Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have DNS options + set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. aliases: - dns_policy + spec_template_spec_host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be injected into + the pod's hosts file if specified. This is only valid for non-hostNetwork pods. + aliases: + - host_aliases + type: list spec_template_spec_host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
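Review bot: the descriptions for `spec_template_spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution` and its anti-affinity counterpart open with "NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented." and embed a Go fragment (`[]PodAffinityTerm` with its `json:` tag). That first half appears to describe a different field, RequiredDuringSchedulingRequiredDuringExecution ("the system will try to eventually evict"), so a user reading the option docs is told the option they are setting is not implemented. Keep only the second half, which matches the IgnoredDuringExecution behaviour ("the system may or may not try to eventually evict the pod").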
@@ -186,6 +286,21 @@ options: aliases: - image_pull_secrets type: list + spec_template_spec_init_containers: + description: + - List of initialization containers belonging to the pod. Init containers are + executed in order prior to containers being started. If any init container fails, + the pod is considered to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be unique among all + containers. Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container are taken + into account during scheduling by finding the highest request/limit for each + resource type, and then using the max of of that value or the sum of the normal + containers. Limits are applied to init containers in a similar fashion. Init + containers cannot currently be added or removed. Cannot be updated. + aliases: + - init_containers + type: list spec_template_spec_node_name: description: - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, @@ -207,6 +322,12 @@ options: Never. Default to Always. aliases: - restart_policy + spec_template_spec_scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. If not specified, + the pod will be dispatched by default scheduler. + aliases: + - scheduler_name spec_template_spec_security_context_fs_group: description: - "A special supplemental group that applies to all containers in a pod. Some\ @@ -295,6 +416,12 @@ options: aliases: - termination_grace_period_seconds type: int + spec_template_spec_tolerations: + description: + - If specified, the pod's tolerations. + aliases: + - tolerations + type: list spec_template_spec_volumes: description: - List of volumes that can be mounted by containers belonging to the pod. 
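Review bot: in the `spec_template_spec_init_containers` description, "using the max of of that value" has a doubled word. In the last hunk on this line, `spec_template_spec_tolerations` is documented only as "If specified, the pod's tolerations." with `type: list`; state which keys each list element takes, since nothing else in the option docs tells the user what to put there.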
@@ -332,7 +459,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
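Review bot: the requirement moves from `kubernetes == 1.0.0` to `kubernetes == 3.0.0`, an exact pin across two major versions, while the same file gains options (affinity, init containers, tolerations, host aliases) that presumably need the newer client. If the module helper does not already compare the installed client version against this requirement, add that check so a mismatch is reported as a clear version error rather than surfacing through the generic `msg="Module failed!"` path in `main()`.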
@@ -451,6 +578,150 @@ replica_set: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -486,6 +757,14 @@ replica_set: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -669,6 +948,158 @@ replica_set: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -706,6 +1137,14 @@ replica_set: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -757,6 +1196,493 @@ replica_set: it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. 
+ type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to an update), the system may or may + not try to eventually evict the pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. 
The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is + the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. 
+ type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. 
For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system will try to eventually evict the pod + from its node. When there are multiple elements, the lists + of nodes corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot currently @@ -828,11 +1754,17 @@ replica_set: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -861,8 +1793,7 @@ replica_set: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -881,6 +1812,53 @@ replica_set: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -957,8 +1935,7 @@ replica_set: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
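Review bot: in the `http_get` hunk at -957,8 the `port` type goes from `complex` with `contains: {}` to `str`, while the unchanged description above it still reads "Name or number of the port to access on the container. Number must be in the range 1 to 65535", so the doc no longer says how a numeric port is represented. Suggest adding a sentence that the value is returned as a string even when it is a port number, or confirming that it is. Playbooks that compare the registered value against an integer would otherwise stop matching without any error.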
@@ -970,13 +1947,17 @@ replica_set: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is terminated. @@ -1039,8 +2020,7 @@ replica_set: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1052,13 +2032,17 @@ replica_set: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be restarted @@ -1122,8 +2106,7 @@ replica_set: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1151,13 +2134,17 @@ replica_set: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults 
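Review bot: in the hunk at -1151,13 the new `host` key is added under a `tcp_socket` block whose unchanged description still ends "hooks not yet supported", so the doc now describes a configurable target for an action it says is not supported. Suggest saying in the description whether `host` has any effect here. Since the text says the host "defaults to the pod IP", it is also worth stating plainly that any other value makes the check connect somewhere other than the pod, which is what someone auditing the returned spec will want to know.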
@@ -1269,8 +2256,7 @@ replica_set: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1298,13 +2284,17 @@ replica_set: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -1320,7 +2310,7 @@ replica_set: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -1328,10 +2318,10 @@ replica_set: to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
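Review bot: in the hunk at -1328,10 the reworded `security_context` description, 'Security options the pod should run with. More info:', ends on a dangling "More info:" with nothing after it, which looks like a link stripped during generation. Either restore the reference or keep the original sentence "Security options the pod should run with." In the same hunk, `contains: str, ResourceQuantity` becomes `contains: str, str` for `requests`, which removes the only hint that the values are resource quantities; a few words in the description would keep that information.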
@@ -1432,7 +2422,20 @@ replica_set: \ termination message will be written is mounted into the\ \ container's filesystem. Message written is intended to be\ \ brief final status, such as an assertion failure message.\ - \ Defaults to /dev/termination-log. Cannot be updated." + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: str tty: description: @@ -1472,9 +2475,27 @@ replica_set: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have + DNS options set along with hostNetwork, you have to specify DNS + policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be + injected into the pod's hosts file if specified. This is only + valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
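Review bot: in the hunk at -1472,9 the `hostnames` description under `host_aliases` reads "Hostnames for the above IP address", but in this alphabetised layout `ip` is listed after `hostnames`, so "above" points at nothing; "Hostnames for the IP address given in ip" would read correctly. The same hunk ties both `dns_policy` ('ClusterFirstWithHostNet') and `host_aliases` ("only valid for non-hostNetwork pods") to the hostNetwork setting without saying where that setting appears in this output, so a cross-reference would help. `host_aliases` changes name resolution inside the pod by injecting entries into its hosts file, so the description is worth getting exact for anyone reviewing what a registered result contains.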
@@ -1507,6 +2528,805 @@ replica_set: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init containers + are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and + is handled according to its restartPolicy. The name for an init + container or normal container must be unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container + are taken into account during scheduling by finding the highest + request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are + applied to init containers in a similar fashion. Init containers + cannot currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is used\ + \ if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a variable\ + \ cannot be resolved, the reference in the input string will\ + \ be unchanged. The $(VAR_NAME) syntax can be escaped with\ + \ a double $$, ie: $$(VAR_NAME). Escaped references will never\ + \ be expanded, regardless of whether the variable exists or\ + \ not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided. Variable\ + \ references $(VAR_NAME) are expanded using the container's\ + \ environment. If a variable cannot be resolved, the reference\ + \ in the input string will be unchanged. The $(VAR_NAME) syntax\ + \ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. 
Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. Cannot + be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using the + previous defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot be + used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API + version. + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must be + a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. 
Defaults + to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container is created. + If the handler fails, the container is terminated and + restarted according to its restart policy. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is terminated. + The container is terminated after the handler completes. + The reason for termination is passed to the handler. Regardless + of the outcome of the handler, the container is eventually + terminated. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be restarted + if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be updated. 
+ type: str + ports: + description: + - List of ports to expose from the container. Exposing a port + here gives the system additional information about the network + connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from + being exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible from + the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. This + must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, this + must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have a unique + name. Name for the port that can be referred to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container will + be removed from service endpoints if the probe fails. Cannot + be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. 
Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. 
Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to + an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. + Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. + type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, + no such validation will be performed. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. If + unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the container. + type: str + role: + description: + - Role is a SELinux role label that applies to the container. + type: str + type: + description: + - Type is a SELinux type label that applies to the container. + type: str + user: + description: + - User is a SELinux user label that applies to the container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from stdin + in the container will always result in EOF. Default is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. When stdin is + true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client attaches + to stdin, and then remains open and accepts data until the + client disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag is false, + a container processes that reads from stdin will never receive + an EOF. 
Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into the\ + \ container's filesystem. Message written is intended to be\ + \ brief final status, such as an assertion failure message.\ + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, also + requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. Cannot + be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should be + mounted. Must not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's volume + should be mounted. Defaults to "" (volume's root). + type: str + working_dir: + description: + - Container's working directory. 
If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific node. @@ -1525,6 +3345,11 @@ replica_set: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
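Review bot: the container-level security_context description in the containers block (the hunk that ends at node_name, just above the scheduler_name hunk) reads 'Security options the pod should run with. More info:' and stops there, so the link is missing and the text says "pod" for a per-container field. Either restore the URL or drop the "More info:" trailer, and say "container". This matters because privileged, a few lines below it, is documented as essentially equivalent to root on the host, and this description is where a reader looks for guidance on it. In the same block, readiness_probe.initial_delay_seconds ("before liveness probes are initiated") and readiness_probe.success_threshold ("Must be 1 for liveness") still carry the liveness wording and should be corrected for readiness.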
@@ -1621,6 +3446,46 @@ replica_set: longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means match + all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. Valid + operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it is not set, which + means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by + the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If the + operator is Exists, the value should be empty, otherwise just + a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging to 
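Review bot: the top-level tolerations description is only "If specified, the pod's tolerations.", while the behaviour that matters is spread over three fields: effect ("Empty means match all taint effects"), key ("Empty means match all taint keys") and operator (Exists as a wildcard for value). Taken together, an entry with empty key, empty effect and operator Exists tolerates every taint, and nothing in the block says so in one place. Suggest adding that sentence to the tolerations description so a reader reviewing a pod spec can recognise a blanket toleration. The value description ("otherwise just a regular string") could also state that it is compared for equality when operator is Equal.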
@@ -1684,6 +3549,13 @@ replica_set: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed availability + set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will force @@ -1793,9 +3665,9 @@ replica_set: the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in - the ConfigMap, the volume setup will error. Paths must - be relative and may not contain the '..' path or start - with '..'. + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. type: list contains: key: @@ -1821,6 +3693,10 @@ replica_set: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that should @@ -1889,8 +3765,7 @@ replica_set: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
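Review bot: in the first hunk on this line (-1684,6 +3549,13), the kind description runs three values and their meanings together in one quoted string with no separators, misspells "multiple" as "mulitple", and ends with "defaults to shared" in lower case although the value is listed as "Shared". Suggest one value per sentence ("Shared: ...", "Dedicated: ...", "Managed: ...") and "Defaults to Shared." so the accepted spellings are unambiguous. In the ConfigMap optional hunk (-1821,6 +3693,10), "it's keys" should be "its keys".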
@@ -1907,6 +3782,15 @@ replica_set: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified here and + the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached to @@ -2081,6 +3965,14 @@ replica_set: a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -2101,11 +3993,27 @@ replica_set: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or + ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port 
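Review bot: secret_ref in the last hunk (-2101,11 +3993,27) is described only as "CHAP secret for iSCSI target and initiator authentication", with no mention of how it relates to chap_auth_discovery and chap_auth_session added in the previous hunk, or of what happens when either flag is true and secret_ref is absent. Suggest cross-referencing the three fields in their descriptions. The two chap_auth_* descriptions ("whether support iSCSI ... CHAP authentication") also read as fragments; "Whether to use CHAP authentication for iSCSI discovery" and the session equivalent would be clearer. The new portals field repeats the target_portal wording without saying whether it replaces or supplements target_portal.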
@@ -2167,6 +4075,209 @@ replica_set: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted + on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and downward + API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must be + a value between 0 and 0777. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must + be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only + annotations, labels, name and namespace are + supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not be absolute\ + \ or contain the '..' path. Must be utf-8\ + \ encoded. 
The first item of the relative\ + \ path must not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only + resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the Secret, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must be + defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
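Review bot: projected.default_mode and every items.mode in this hunk are typed int and described as "a value between 0 and 0777", but nothing says whether the integer is written or reported in octal or decimal. The leading zero implies octal, and a reader who writes 644 as a decimal int lands outside the documented range instead of getting the permissions they meant. Suggest stating the notation explicitly in the default_mode description and referring to it from the per-item mode fields. Within the same hunk the optional descriptions are inconsistent: config_map says "it's keys" while secret says "its key"; both should read "its keys".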
@@ -2249,6 +4360,67 @@ replica_set: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and + mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage + (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and + other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick + or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
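Review bot: ssl_enabled is documented as "default false" in the same block where secret_ref is described as holding the ScaleIO user and other sensitive information and as required for login, so a reader who follows the defaults ends up with a gateway connection that has SSL turned off. Suggest a sentence in the ssl_enabled description recommending it be set to true whenever secret_ref is used, and rewording to "Defaults to false." to match read_only and the "(defaults to ...)" form used by protection_domain, storage_mode and storage_pool in this hunk.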
@@ -2271,8 +4443,9 @@ replica_set: If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, - the volume setup will error. Paths must be relative and - may not contain the '..' path or start with '..'. + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. type: list contains: key: 
@@ -2294,10 +4467,58 @@ replica_set: not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the + StorageOS API credentials. If not specified, default values + will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within + StorageOS. If no namespace is specified then the Pod's + namespace will be used. This allows the Kubernetes name + scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and mounted 
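Review bot: storageos.secret_ref says "If not specified, default values will be attempted" without saying what those defaults are. For a field that supplies the StorageOS API credentials, the description should either name the fallback or tell the reader to always set secret_ref, otherwise an omitted reference looks harmless. volume_namespace has a similar gap: "Namespaces that do not pre-exist within StorageOS will be created" is buried at the end of a long description, and it means a mistyped namespace is created rather than rejected; worth moving that sentence up. In the optional field at the top of the hunk, "it's keys" should be "its keys".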
@@ -2310,6 +4531,15 @@ replica_set: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk diff --git a/library/k8s_v1beta1_replica_set_list.py b/library/k8s_v1beta1_replica_set_list.py index cf89c073..745cb8a8 100644 --- a/library/k8s_v1beta1_replica_set_list.py +++ b/library/k8s_v1beta1_replica_set_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -211,6 +207,153 @@ replica_set_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -247,6 +390,14 @@ replica_set_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -439,6 +590,162 @@ replica_set_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system + invariant at object creation time. This field is a list of + initializers that have not yet acted on this object. If nil + or empty, this object has been completely initialized. Otherwise, + the object is considered uninitialized and is hidden (in list/watch + and get calls) from clients that haven't explicitly asked + to observe uninitialized objects. When an object is created, + the system will populate this list with the current set of + initializers. Only privileged users may set or modify this + list. Once it is empty, it may not be modified further by + any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in + order before this object is visible. When the last pending + initializer is removed, and no failing result is set, + the initializers struct will be set to nil and the object + is considered as initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will + be persisted to storage and then deleted, ensuring that + other clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not + set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is + optional and the data returned is not guaranteed to + conform to any schema except that defined by the reason + type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused + this error, as named by its JSON serialization. + May include dot and postfix notation for nested + attributes. Arrays are zero-indexed. Fields + may appear more than once in an array of causes + due to fields having multiple errors. Optional. + Examples: "name" - the field "name" on the + current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause + of the error. This field may be presented + as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause + of the error. If this value is empty there + is no information available. + type: str + group: + description: + - The group attribute of the resource associated + with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated + with the status StatusReason. On some operations + may differ from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated + with the status StatusReason (when there is a + single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from + the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this + operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to + determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified + back to the server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation + is in the "Failure" status. If this value is empty + there is no information available. A Reason clarifies + an HTTP status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize @@ -477,6 +784,15 @@ replica_set_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. Defaults to false. + To set this field, a user needs "delete" permission of + the owner, otherwise 422 (Unprocessable Entity) will be + returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -529,6 +845,510 @@ replica_set_list: try to mark it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by + this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies + to. + type: str + operator: + description: + - Represents a key's relationship to a set + of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must + be non-empty. If the operator is Exists + or DoesNotExist, the values array must + be empty. If the operator is Gt or Lt, + the values array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. 
+ type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the + system may or may not try to eventually evict the + pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies + to. + type: str + operator: + description: + - Represents a key's relationship to a set + of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must + be non-empty. If the operator is Exists + or DoesNotExist, the values array must + be empty. If the operator is Gt or Lt, + the values array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by + this field, but it may choose a node that violates + one or more of the expressions. 
The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) with the + highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with + the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in + this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the + labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + For PreferredDuringScheduling pod anti-affinity, + empty topologyKey is interpreted as "all topologies" + ("all topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not + allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it + is implemented. If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system will try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must + be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some + other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by + iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches + the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. 
A pod affinity term, associated with + the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in + this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the + labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. 
+ For PreferredDuringScheduling pod anti-affinity, + empty topologyKey is interpreted as "all topologies" + ("all topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not + allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it + is implemented. If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this + field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system will + try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this + field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot @@ -602,11 +1422,17 @@ replica_set_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key + must be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -636,8 +1462,7 @@ replica_set_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -656,6 +1481,53 @@ replica_set_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must + be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the + container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an + event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the + ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -734,8 +1606,7 @@ replica_set_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. 
@@ -747,13 +1618,17 @@ replica_set_list: port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is @@ -817,8 +1692,7 @@ replica_set_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. @@ -830,13 +1704,17 @@ replica_set_list: port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be @@ -901,8 +1779,7 @@ replica_set_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -930,13 +1807,17 @@ replica_set_list: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. 
@@ -1052,8 +1933,7 @@ replica_set_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1081,13 +1961,17 @@ replica_set_list: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. @@ -1104,7 +1988,7 @@ replica_set_list: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -1112,10 +1996,10 @@ replica_set_list: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
@@ -1221,8 +2105,21 @@ replica_set_list: \ termination message will be written is mounted into\ \ the container's filesystem. Message written is intended\ \ to be brief final status, such as an assertion failure\ - \ message. Defaults to /dev/termination-log. Cannot be\ - \ updated." + \ message. Will be truncated by the node if greater than\ + \ 4096 bytes. The total message length across all containers\ + \ will be limited to 12kb. Defaults to /dev/termination-log.\ + \ Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to + populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. type: str tty: description: @@ -1263,9 +2160,27 @@ replica_set_list: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To + have DNS options set along with hostNetwork, you have to specify + DNS policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will + be injected into the pod's hosts file if specified. This is + only valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
@@ -1299,6 +2214,825 @@ replica_set_list: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init + containers are executed in order prior to containers being + started. If any init container fails, the pod is considered + to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be + unique among all containers. Init containers may not have + Lifecycle actions, Readiness probes, or Liveness probes. The + resourceRequirements of an init container are taken into account + during scheduling by finding the highest request/limit for + each resource type, and then using the max of of that value + or the sum of the normal containers. Limits are applied to + init containers in a similar fashion. Init containers cannot + currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is\ + \ used if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a\ + \ variable cannot be resolved, the reference in the input\ + \ string will be unchanged. The $(VAR_NAME) syntax can\ + \ be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided.\ + \ Variable references $(VAR_NAME) are expanded using the\ + \ container's environment. If a variable cannot be resolved,\ + \ the reference in the input string will be unchanged.\ + \ The $(VAR_NAME) syntax can be escaped with a double\ + \ $$, ie: $$(VAR_NAME). Escaped references will never\ + \ be expanded, regardless of whether the variable exists\ + \ or not. 
Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. + Cannot be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using + the previous defined environment variables in the + container and any service environment variables. If + a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot + be used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key + must be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently + supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must + be a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must + be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the + container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an + event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the + ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. 
+ Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container + is created. If the handler fails, the container is + terminated and restarted according to its restart + policy. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run + inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP + allows repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. 
+ type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is + terminated. The container is terminated after the + handler completes. The reason for termination is passed + to the handler. Regardless of the outcome of the handler, + the container is eventually terminated. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run + inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP + allows repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be + restarted if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started + before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be + updated. 
+ type: str + ports: + description: + - List of ports to expose from the container. Exposing a + port here gives the system additional information about + the network connections a container uses, but is primarily + informational. Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which is listening + on the default "0.0.0.0" address inside a container will + be accessible from the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If + HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have + a unique name. Name for the port that can be referred + to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to + "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. + Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. 
Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started + before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. 
Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be + updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted + by the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the + host. Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. + type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image + at runtime to ensure that it does not run as UID 0 + (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. 
+ type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate + a random SELinux context for each container. May also + be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the + container. + type: str + role: + description: + - Role is a SELinux role label that applies to the + container. + type: str + type: + description: + - Type is a SELinux type label that applies to the + container. + type: str + user: + description: + - User is a SELinux user label that applies to the + container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default + is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple + attach sessions. If stdinOnce is set to true, stdin is + opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If + this flag is false, a container processes that reads from + stdin will never receive an EOF. 
Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into\ + \ the container's filesystem. Message written is intended\ + \ to be brief final status, such as an assertion failure\ + \ message. Will be truncated by the node if greater than\ + \ 4096 bytes. The total message length across all containers\ + \ will be limited to 12kb. Defaults to /dev/termination-log.\ + \ Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to + populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, + also requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should + be mounted. Must not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's + root). + type: str + working_dir: + description: + - Container's working directory. 
If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific @@ -1317,6 +3051,11 @@ replica_set_list: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
@@ -1415,6 +3154,46 @@ replica_set_list: Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means + match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a + pod can tolerate all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If + the operator is Exists, the value should be empty, otherwise + just a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging 
@@ -1479,6 +3258,13 @@ replica_set_list: "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will @@ -1591,8 +3377,9 @@ replica_set_list: projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will - error. Paths must be relative and may not contain - the '..' path or start with '..'. + error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start + with '..'. type: list contains: key: @@ -1619,6 +3406,11 @@ replica_set_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be + defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that @@ -1689,8 +3481,7 @@ replica_set_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -1707,6 +3498,16 @@ replica_set_list: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir + would be the minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. The default is nil which means that the + limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached @@ -1884,6 +3685,14 @@ replica_set_list: to a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -1904,11 +3713,27 @@ replica_set_list: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an + IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or 
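Review bot: the new iSCSI `secret_ref` description ("CHAP secret for iSCSI target and initiator authentication") does not say how it relates to `chap_auth_discovery` and `chap_auth_session` from the preceding hunk, nor what the referenced secret is expected to contain. Please document whether `secret_ref` is required when either flag is true, and turn the two flag descriptions ("whether support iSCSI Discovery CHAP authentication") into full sentences that state the default. The `portals` text also mixes "IP" and "ip_addr:port"; one spelling would read better.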
@@ -1972,6 +3797,217 @@ replica_set_list: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and + mounted on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to + be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and + downward API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must + be a value between 0 and 0777. Directories within + the path are not affected by this setting. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the + Data field of the referenced ConfigMap will + be projected into the volume as a file whose + name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, the + volume setup will error unless it is marked + optional. Paths must be relative and may not + contain the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the + key to. May not be an absolute path. May + not contain the path element '..'. May + not start with the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys + must be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: + only annotations, labels, name and namespace + are supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath + is written in terms of, defaults to + "v1". + type: str + field_path: + description: + - Path of the field to select in the + specified API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not\ + \ be absolute or contain the '..' path.\ + \ Must be utf-8 encoded. 
The first item\ + \ of the relative path must not start\ + \ with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the + exposed resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the + Data field of the referenced Secret will be + projected into the volume as a file whose + name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the + key to. May not be an absolute path. May + not contain the path element '..'. May + not start with the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must + be defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
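Review bot: in the `projected` block, `default_mode` and the per-item `mode` fields are declared `type: int` while the allowed range is written in octal ("Must be a value between 0 and 0777"), and the text never says the value is octal. Anyone who treats the number as decimal ends up with different permission bits on projected Secret and ConfigMap files, so the descriptions should state the base and give the decimal equivalent (0777 is 511). The `optional` wording also differs between sources in this hunk: config_map reads "the ConfigMap or it's keys" and secret reads "the Secret or its key"; use "its keys" in both.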
@@ -2055,6 +4091,68 @@ replica_set_list: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type + supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured + storage (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user + and other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should + be thick or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
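Review bot: `ssl_enabled` is documented as "default false" next to `secret_ref`, which is described as holding "the secret for ScaleIO user and other sensitive information" needed for the login operation. The description should say plainly that with the default the communication with the `gateway` is not protected by SSL, and recommend enabling it whenever `secret_ref` is set. The `gateway` description could also state whether a scheme and port are expected in "the host address".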
@@ -2077,9 +4175,9 @@ replica_set_list: is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is - not present in the Secret, the volume setup will error. - Paths must be relative and may not contain the '..' - path or start with '..'. + not present in the Secret, the volume setup will error + unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. type: list contains: key: 
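Review bot: in the reworded sentence "the volume setup will error unless it is marked optional", "it" has no clear antecedent and can be read as either the missing key or the Secret. The `optional` field introduced in the next hunk is described as covering "the Secret or it's keys", so refer to that field by name here, for example "unless the `optional` field is set to true".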
@@ -2102,10 +4200,60 @@ replica_set_list: path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type + supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then + the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name + to override the default behaviour. Set to "default" + if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and 
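Review bot: the StorageOS `secret_ref` description ends with "If not specified, default values will be attempted", which leaves the reader guessing which API credentials are tried. Please document what those defaults are, or at least state that a secret should be referenced explicitly. In `volume_namespace`, the sentence "Set VolumeName to any name to override the default behaviour" sits in the namespace description and looks like it was meant to refer to VolumeNamespace. The `optional` description at the top of the hunk has "it's keys" where "its keys" is meant.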
@@ -2119,6 +4267,15 @@ replica_set_list: "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk diff --git a/library/k8s_v1beta1_role.py b/library/k8s_v1beta1_role.py new file mode 100644 index 00000000..d3f47efe --- /dev/null +++ b/library/k8s_v1beta1_role.py 
@@ -0,0 +1,501 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1beta1_role +short_description: Kubernetes Role +description: +- Manage the lifecycle of a role object. Supports check mode, and attempts to to be + idempotent. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. They are + not queryable and should be preserved when modifying objects. + type: dict + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + labels: + description: + - Map of string keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers and services. + type: dict + name: + description: + - Name must be unique within a namespace. 
Is required when creating resources, + although some resources may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation idempotence and + configuration definition. Cannot be updated. + namespace: + description: + - Namespace defines the space within each name must be unique. An empty namespace + is equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this + field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + rules: + description: + - Rules holds all the PolicyRules for this Role + type: list + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). + type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). 
+ default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +role: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: + - Standard object's metadata. + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used to distinguish + resources with same name and namespace in different clusters. This field + is not set anywhere right now and apiserver is going to ignore it if set + in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when this + object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null + for lists. 
+ type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate before + it will be removed from the system. Only set when deletionTimestamp is + also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource will + be deleted. This field is set by the server when a graceful deletion is + requested by the user, and is not directly settable by a client. The resource + is expected to be deleted (no longer visible from resource lists, and + not reachable by name) after the time in this field. Once set, this value + may not be unset or be set further into the future, although it may be + shortened or the resource may be deleted prior to this time. For example, + a user may request that a pod is deleted in 30 seconds. The Kubelet will + react by sending a graceful termination signal to the containers in the + pod. After that 30 seconds, the Kubelet will send a hard termination signal + (SIGKILL) to the container and after cleanup, remove the pod from the + API. In the presence of network partitions, this object may still exist + after this timestamp, until an administrator or automated process can + determine the resource is fully terminated. If not set, graceful deletion + of the object has not been requested. Populated by the system when a graceful + deletion is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each entry + is an identifier for the responsible component that will remove the entry + from the list. If the deletionTimestamp of the object is non-nil, entries + in this list can only be removed. 
+ type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate a + unique name ONLY IF the Name field has not been provided. If this field + is used, the name returned to the client will be different than the name + passed. This value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and may be truncated + by the length of the suffix required to make the value unique on the server. + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with + Reason ServerTimeout indicating a unique name could not be found in the + time allotted, and the client should retry (optionally after the time + indicated in the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. 
When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. 
+ type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. 
+ type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of + an appropriate name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" is the + canonical representation. Not all objects are required to be scoped to + a namespace - the value of this field for those objects will be empty. + Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is + managed by a controller, then an entry in this list will point to this + controller, with the controller field set to true. There cannot be more + than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. 
+ type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be + used for optimistic concurrency, change detection, and the watch operation + on a resource or set of resources. Clients must treat these values as + opaque and passed unmodified back to the server. They may only be valid + for a particular resource or set of resources. Populated by the system. + Read-only. Value must be treated as opaque by clients and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. It is typically + generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. Populated by the system. Read-only. + type: str + rules: + description: + - Rules holds all the PolicyRules for this Role + type: list + contains: + api_groups: + description: + - APIGroups is the name of the APIGroup that contains the resources. If + multiple API groups are specified, any action requested against one of + the enumerated resources in any API group will be allowed. + type: list + contains: str + non_resource_ur_ls: + description: + - NonResourceURLs is a set of partial urls that a user should have access + to. *s are allowed, but only as the full, final step in the path Since + non-resource URLs are not namespaced, this field is only applicable for + ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply + to API resources (such as "pods" or "secrets") or non-resource URL paths + (such as "/api"), but not both. 
+ type: list + contains: str + resource_names: + description: + - ResourceNames is an optional white list of names that the rule applies + to. An empty set means that everything is allowed. + type: list + contains: str + resources: + description: + - Resources is a list of resources this rule applies to. ResourceAll represents + all resources. + type: list + contains: str + verbs: + description: + - Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions + contained in this rule. VerbAll represents all kinds. + type: list + contains: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('role', 'V1beta1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/openshift_v1_cluster_policy.py b/library/k8s_v1beta1_role_binding.py similarity index 54% rename from library/openshift_v1_cluster_policy.py rename to library/k8s_v1beta1_role_binding.py index 720425e4..c9bf45e6 100644 --- a/library/openshift_v1_cluster_policy.py +++ b/library/k8s_v1beta1_role_binding.py 
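Review bot: in `main()` of the new library/k8s_v1beta1_role.py, the first handler does `raise Exception(exc.message)`, which depends on a `message` attribute that built-in exceptions only have on Python 2 (unless KubernetesAnsibleException defines it itself) and which throws away the original exception type and traceback. The second handler already uses `str(exc)`; use the same here or let the exception propagate. In DOCUMENTATION, `verify_ssl` has no stated default, `api_key` and `password` carry no note that they are secrets, and `EXAMPLES` is empty for a module whose `rules` option is a free-form list that grants permissions. Typos to fix in the same block: "attempts to to be", "will updated", "acessing", `I(name_)`, the dangling "treated as opaque by clients and ." in `resource_version`, and the generated key `non_resource_ur_ls`.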
@@ -1,12 +1,12 @@ #!/usr/bin/env python -from ansible.module_utils.openshift_common import OpenShiftAnsibleModule, OpenShiftAnsibleException +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException DOCUMENTATION = ''' -module: openshift_v1_cluster_policy -short_description: OpenShift ClusterPolicy +module: k8s_v1beta1_role_binding +short_description: Kubernetes RoleBinding description: -- Manage the lifecycle of a cluster_policy object. Supports check mode, and attempts +- Manage the lifecycle of a role_binding object. Supports check mode, and attempts to to be idempotent. version_added: 2.3.0 author: OpenShift (@openshift) @@ -76,10 +76,21 @@ options: - Provide the YAML definition for the object, bypassing any modules parameters intended to define object attributes. type: dict - roles: + role_ref_api_group: description: - - Roles holds all the ClusterRoles held by this ClusterPolicy, mapped by ClusterRole.Name - type: list + - APIGroup is the group for the resource being referenced + aliases: + - api_group + role_ref_kind: + description: + - Kind is the type of resource being referenced + aliases: + - kind + role_ref_name: + description: + - Name is the name of resource being referenced + aliases: + - name src: description: - Provide a path to a file containing the YAML definition of the object. Mutually @@ -103,6 +114,10 @@ options: choices: - present - absent + subjects: + description: + - Subjects holds references to the objects the role applies to. + type: list username: description: - Provide a username for connecting to the API. @@ -111,7 +126,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- kubernetes == 3.0.0 ''' EXAMPLES = ''' @@ -121,7 +136,7 @@ RETURN = ''' api_version: type: string description: Requested API version -cluster_policy: +role_binding: type: complex returned: when I(state) = C(present) contains: 
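Review bot: in the options hunk of k8s_v1beta1_role_binding.py (-76,10 +76,21), the role reference parameters receive the short aliases `api_group`, `kind` and `name`. `name` is the option used for the object's own name in the sibling k8s_v1beta1_role.py added by this patch; if this module exposes the same option, the alias either collides with it or makes `name` ambiguous between the RoleBinding and the role it references. Drop the short aliases or give them a prefix. In the later hunk (-103,6 +114,10), `subjects` is documented only as a list with no description of what each entry contains, which matters because this field decides who receives the role.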
@@ -137,12 +152,6 @@ cluster_policy: Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. type: str - last_modified: - description: - - LastModified is the last time that any part of the ClusterPolicy was created, - updated, or deleted - type: complex - contains: {} metadata: description: - Standard object's metadata. 
@@ -224,6 +233,150 @@ cluster_policy: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -259,6 +412,14 @@ cluster_policy: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -295,260 +456,65 @@ cluster_policy: generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. type: str - roles: + role_ref: description: - - Roles holds all the ClusterRoles held by this ClusterPolicy, mapped by ClusterRole.Name - type: list + - RoleRef can reference a Role in the current namespace or a ClusterRole in + the global namespace. If the RoleRef cannot be resolved, the Authorizer must + return an error. + type: complex contains: + api_group: + description: + - APIGroup is the group for the resource being referenced + type: str + kind: + description: + - Kind is the type of resource being referenced + type: str name: description: - - Name is the name of the cluster role + - Name is the name of resource being referenced type: str - role: + subjects: + description: + - Subjects holds references to the objects the role applies to. + type: list + contains: + api_group: description: - - Role is the cluster role being named - type: complex - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation of - an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. - type: str - kind: - description: - - Kind is a string value representing the REST resource this object - represents. Servers may infer this from the endpoint the client submits - requests to. Cannot be updated. In CamelCase. - type: str - metadata: - description: - - Standard object's metadata. - type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource - that may be set by external tools to store and retrieve arbitrary - metadata. They are not queryable and should be preserved when - modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. 
This is used - to distinguish resources with same name and namespace in different - clusters. This field is not set anywhere right now and apiserver - is going to ignore it if set in create or update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in - happens-before order across separate operations. Clients may not - set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate - before it will be removed from the system. Only set when deletionTimestamp - is also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this resource - will be deleted. This field is set by the server when a graceful - deletion is requested by the user, and is not directly settable - by a client. The resource is expected to be deleted (no longer - visible from resource lists, and not reachable by name) after - the time in this field. Once set, this value may not be unset - or be set further into the future, although it may be shortened - or the resource may be deleted prior to this time. For example, - a user may request that a pod is deleted in 30 seconds. The Kubelet - will react by sending a graceful termination signal to the containers - in the pod. After that 30 seconds, the Kubelet will send a hard - termination signal (SIGKILL) to the container and after cleanup, - remove the pod from the API. In the presence of network partitions, - this object may still exist after this timestamp, until an administrator - or automated process can determine the resource is fully terminated. - If not set, graceful deletion of the object has not been requested. 
- Populated by the system when a graceful deletion is requested. - Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. - Each entry is an identifier for the responsible component that - will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to generate - a unique name ONLY IF the Name field has not been provided. If - this field is used, the name returned to the client will be different - than the name passed. This value will also be combined with a - unique suffix. The provided value has the same validation rules - as the Name field, and may be truncated by the length of the suffix - required to make the value unique on the server. If this field - is specified and the generated name exists, the server will NOT - return a 409 - instead, it will either return 201 Created or 500 - with Reason ServerTimeout indicating a unique name could not be - found in the time allotted, and the client should retry (optionally - after the time indicated in the Retry-After header). Applied only - if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the desired - state. Populated by the system. Read-only. - type: int - labels: - description: - - Map of string keys and values that can be used to organize and - categorize (scope and select) objects. May match selectors of - replication controllers and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating - resources, although some resources may allow a client to request - the generation of an appropriate name automatically. 
Name is primarily - intended for creation idempotence and configuration definition. - Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. An - empty namespace is equivalent to the "default" namespace, but - "default" is the canonical representation. Not all objects are - required to be scoped to a namespace - the value of this field - for those objects will be empty. Must be a DNS_LABEL. Cannot be - updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in the - list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this object - that can be used by clients to determine when objects have changed. - May be used for optimistic concurrency, change detection, and - the watch operation on a resource or set of resources. Clients - must treat these values as opaque and passed unmodified back to - the server. They may only be valid for a particular resource or - set of resources. Populated by the system. Read-only. Value must - be treated as opaque by clients and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. - Read-only. 
- type: str - uid: - description: - - UID is the unique in time and space value for this object. It - is typically generated by the server on successful creation of - a resource and is not allowed to change on PUT operations. Populated - by the system. Read-only. - type: str - rules: - description: - - Rules holds all the PolicyRules for this ClusterRole - type: list - contains: - api_groups: - description: - - APIGroups is the name of the APIGroup that contains the resources. - If this field is empty, then both kubernetes and origin API groups - are assumed. That means that if an action is requested against - one of the enumerated resources in either the kubernetes or the - origin API group, the request will be allowed - type: list - contains: str - attribute_restrictions: - description: - - AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder - pair supports. If the Authorizer does not recognize how to handle - the AttributeRestrictions, the Authorizer should report an error. - type: complex - contains: - raw: - description: - - Raw is the underlying serialization of this object. - type: str - non_resource_ur_ls: - description: - - NonResourceURLsSlice is a set of partial urls that a user should - have access to. *s are allowed, but only as the full, final step - in the path This name is intentionally different than the internal - type so that the DefaultConvert works nicely and because the ordering - may be different. - type: list - contains: str - resource_names: - description: - - ResourceNames is an optional white list of names that the rule - applies to. An empty set means that everything is allowed. - type: list - contains: str - resources: - description: - - Resources is a list of resources this rule applies to. ResourceAll - represents all resources. 
- type: list - contains: str - verbs: - description: - - Verbs is a list of Verbs that apply to ALL the ResourceKinds and - AttributeRestrictions contained in this rule. VerbAll represents - all kinds. - type: list - contains: str + - APIGroup holds the API group of the referenced subject. Defaults to "" + for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for + User and Group subjects. + type: str + kind: + description: + - Kind of object being referenced. Values defined by this API group are + "User", "Group", and "ServiceAccount". If the Authorizer does not recognized + the kind value, the Authorizer should report an error. + type: str + name: + description: + - Name of the object being referenced. + type: str + namespace: + description: + - Namespace of the referenced object. If the object kind is non-namespace, + such as "User" or "Group", and this value is not empty the Authorizer + should report an error. + type: str ''' def main(): try: - module = OpenShiftAnsibleModule('cluster_policy', 'V1') - except OpenShiftAnsibleException as exc: + module = KubernetesAnsibleModule('role_binding', 'V1beta1') + except KubernetesAnsibleException as exc: # The helper failed to init, so there is no module object. All we can do is raise the error. raise Exception(exc.message) try: module.execute_module() - except OpenShiftAnsibleException as exc: + except KubernetesAnsibleException as exc: module.fail_json(msg="Module failed!", error=str(exc)) diff --git a/library/openshift_v1_cluster_policy_list.py b/library/k8s_v1beta1_role_binding_list.py similarity index 53% rename from library/openshift_v1_cluster_policy_list.py rename to library/k8s_v1beta1_role_binding_list.py index 7f0625df..7a4a0119 100644 --- a/library/openshift_v1_cluster_policy_list.py +++ b/library/k8s_v1beta1_role_binding_list.py 
@@ -1,12 +1,12 @@ #!/usr/bin/env python -from ansible.module_utils.openshift_common import OpenShiftAnsibleModule, OpenShiftAnsibleException +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException DOCUMENTATION = ''' -module: openshift_v1_cluster_policy_list -short_description: OpenShift ClusterPolicyList +module: k8s_v1beta1_role_binding_list +short_description: Kubernetes RoleBindingList description: -- Retrieve a list of cluster_policys. List operations provide a snapshot read of the +- Retrieve a list of role_bindings. List operations provide a snapshot read of the underlying objects, returning a resource_version representing a consistent version of the listed objects. version_added: 2.3.0 @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- kubernetes == 3.0.0 ''' EXAMPLES = ''' @@ -99,7 +95,7 @@ RETURN = ''' api_version: type: string description: Requested API version -cluster_policy_list: +role_binding_list: type: complex returned: when I(state) = C(present) contains: @@ -111,7 +107,7 @@ cluster_policy_list: type: str items: description: - - Items is a list of ClusterPolicies + - Items is a list of RoleBindings type: list contains: api_version: 
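Review bot: The `@@ -46,10 +46,6 @@` hunk of k8s_v1beta1_role_binding_list.py removes the `namespace` option, yet the `role_ref` description added further down in this file still speaks of a Role "in the current namespace", so the documented interface no longer offers a way to restrict the listing to one namespace. If that is intended, the module description should say that it lists RoleBindings across all namespaces and therefore needs list permission at that scope; otherwise keep the option. The unchanged context in the same hunk still reads "the openshift client will attempt to load the default configuration file" although the requirement is now `kubernetes == 3.0.0`, so that wording should follow the rename.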
@@ -126,12 +122,6 @@ cluster_policy_list: Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. type: str - last_modified: - description: - - LastModified is the last time that any part of the ClusterPolicy was created, - updated, or deleted - type: complex - contains: {} metadata: description: - Standard object's metadata. 
@@ -216,6 +206,153 @@ cluster_policy_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -252,6 +389,14 @@ cluster_policy_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -291,256 +436,52 @@ cluster_policy_list: not allowed to change on PUT operations. Populated by the system. Read-only. type: str - roles: + role_ref: description: - - Roles holds all the ClusterRoles held by this ClusterPolicy, mapped by - ClusterRole.Name - type: list + - RoleRef can reference a Role in the current namespace or a ClusterRole + in the global namespace. If the RoleRef cannot be resolved, the Authorizer + must return an error. + type: complex contains: + api_group: + description: + - APIGroup is the group for the resource being referenced + type: str + kind: + description: + - Kind is the type of resource being referenced + type: str name: description: - - Name is the name of the cluster role + - Name is the name of resource being referenced type: str - role: + subjects: + description: + - Subjects holds references to the objects the role applies to. + type: list + contains: + api_group: description: - - Role is the cluster role being named - type: complex - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the - latest internal value, and may reject unrecognized values. - type: str - kind: - description: - - Kind is a string value representing the REST resource this object - represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. - type: str - metadata: - description: - - Standard object's metadata. - type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a - resource that may be set by external tools to store and retrieve - arbitrary metadata. They are not queryable and should be preserved - when modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. 
This - is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right - now and apiserver is going to ignore it if set in create or - update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set - in happens-before order across separate operations. Clients - may not set this value. It is represented in RFC3339 form - and is in UTC. Populated by the system. Read-only. Null for - lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate - before it will be removed from the system. Only set when deletionTimestamp - is also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this - resource will be deleted. This field is set by the server - when a graceful deletion is requested by the user, and is - not directly settable by a client. The resource is expected - to be deleted (no longer visible from resource lists, and - not reachable by name) after the time in this field. Once - set, this value may not be unset or be set further into the - future, although it may be shortened or the resource may be - deleted prior to this time. For example, a user may request - that a pod is deleted in 30 seconds. The Kubelet will react - by sending a graceful termination signal to the containers - in the pod. After that 30 seconds, the Kubelet will send a - hard termination signal (SIGKILL) to the container and after - cleanup, remove the pod from the API. In the presence of network - partitions, this object may still exist after this timestamp, - until an administrator or automated process can determine - the resource is fully terminated. If not set, graceful deletion - of the object has not been requested. 
Populated by the system - when a graceful deletion is requested. Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. - Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be - removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to - generate a unique name ONLY IF the Name field has not been - provided. If this field is used, the name returned to the - client will be different than the name passed. This value - will also be combined with a unique suffix. The provided value - has the same validation rules as the Name field, and may be - truncated by the length of the suffix required to make the - value unique on the server. If this field is specified and - the generated name exists, the server will NOT return a 409 - - instead, it will either return 201 Created or 500 with Reason - ServerTimeout indicating a unique name could not be found - in the time allotted, and the client should retry (optionally - after the time indicated in the Retry-After header). Applied - only if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the - desired state. Populated by the system. Read-only. - type: int - labels: - description: - - Map of string keys and values that can be used to organize - and categorize (scope and select) objects. May match selectors - of replication controllers and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating - resources, although some resources may allow a client to request - the generation of an appropriate name automatically. 
Name - is primarily intended for creation idempotence and configuration - definition. Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. - An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this - field for those objects will be empty. Must be a DNS_LABEL. - Cannot be updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in - the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in - this list will point to this controller, with the controller - field set to true. There cannot be more than one managing - controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this - object that can be used by clients to determine when objects - have changed. May be used for optimistic concurrency, change - detection, and the watch operation on a resource or set of - resources. Clients must treat these values as opaque and passed - unmodified back to the server. They may only be valid for - a particular resource or set of resources. Populated by the - system. Read-only. Value must be treated as opaque by clients - and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the - system. Read-only. 
- type: str - uid: - description: - - UID is the unique in time and space value for this object. - It is typically generated by the server on successful creation - of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. - type: str - rules: - description: - - Rules holds all the PolicyRules for this ClusterRole - type: list - contains: - api_groups: - description: - - APIGroups is the name of the APIGroup that contains the resources. - If this field is empty, then both kubernetes and origin API - groups are assumed. That means that if an action is requested - against one of the enumerated resources in either the kubernetes - or the origin API group, the request will be allowed - type: list - contains: str - attribute_restrictions: - description: - - AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder - pair supports. If the Authorizer does not recognize how to - handle the AttributeRestrictions, the Authorizer should report - an error. - type: complex - contains: - raw: - description: - - Raw is the underlying serialization of this object. - type: str - non_resource_ur_ls: - description: - - NonResourceURLsSlice is a set of partial urls that a user - should have access to. *s are allowed, but only as the full, - final step in the path This name is intentionally different - than the internal type so that the DefaultConvert works nicely - and because the ordering may be different. - type: list - contains: str - resource_names: - description: - - ResourceNames is an optional white list of names that the - rule applies to. An empty set means that everything is allowed. - type: list - contains: str - resources: - description: - - Resources is a list of resources this rule applies to. ResourceAll - represents all resources. 
- type: list - contains: str - verbs: - description: - - Verbs is a list of Verbs that apply to ALL the ResourceKinds - and AttributeRestrictions contained in this rule. VerbAll - represents all kinds. - type: list - contains: str + - APIGroup holds the API group of the referenced subject. Defaults to + "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" + for User and Group subjects. + type: str + kind: + description: + - Kind of object being referenced. Values defined by this API group + are "User", "Group", and "ServiceAccount". If the Authorizer does + not recognized the kind value, the Authorizer should report an error. + type: str + name: + description: + - Name of the object being referenced. + type: str + namespace: + description: + - Namespace of the referenced object. If the object kind is non-namespace, + such as "User" or "Group", and this value is not empty the Authorizer + should report an error. + type: str kind: description: - Kind is a string value representing the REST resource this object represents. @@ -568,14 +509,14 @@ cluster_policy_list: def main(): try: - module = OpenShiftAnsibleModule('cluster_policy_list', 'V1') - except OpenShiftAnsibleException as exc: + module = KubernetesAnsibleModule('role_binding_list', 'V1beta1') + except KubernetesAnsibleException as exc: # The helper failed to init, so there is no module object. All we can do is raise the error. raise Exception(exc.message) try: module.execute_module() - except OpenShiftAnsibleException as exc: + except KubernetesAnsibleException as exc: module.fail_json(msg="Module failed!", error=str(exc)) diff --git a/library/k8s_v1beta1_role_list.py b/library/k8s_v1beta1_role_list.py new file mode 100644 index 00000000..694edfae --- /dev/null +++ b/library/k8s_v1beta1_role_list.py 
@@ -0,0 +1,518 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v1beta1_role_list +short_description: Kubernetes RoleList +description: +- Retrieve a list of roles. List operations provide a snapshot read of the underlying + objects, returning a resource_version representing a consistent version of the listed + objects. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). 
+ type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +role_list: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + items: + description: + - Items is a list of Roles + type: list + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, + and may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. 
In CamelCase. + type: str + metadata: + description: + - Standard object's metadata. + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource + that may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when modifying + objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used + to distinguish resources with same name and namespace in different + clusters. This field is not set anywhere right now and apiserver is + going to ignore it if set in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. + It is represented in RFC3339 form and is in UTC. Populated by the + system. Read-only. Null for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate + before it will be removed from the system. Only set when deletionTimestamp + is also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource + will be deleted. This field is set by the server when a graceful deletion + is requested by the user, and is not directly settable by a client. + The resource is expected to be deleted (no longer visible from resource + lists, and not reachable by name) after the time in this field. Once + set, this value may not be unset or be set further into the future, + although it may be shortened or the resource may be deleted prior + to this time. For example, a user may request that a pod is deleted + in 30 seconds. 
The Kubelet will react by sending a graceful termination + signal to the containers in the pod. After that 30 seconds, the Kubelet + will send a hard termination signal (SIGKILL) to the container and + after cleanup, remove the pod from the API. In the presence of network + partitions, this object may still exist after this timestamp, until + an administrator or automated process can determine the resource is + fully terminated. If not set, graceful deletion of the object has + not been requested. Populated by the system when a graceful deletion + is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each + entry is an identifier for the responsible component that will remove + the entry from the list. If the deletionTimestamp of the object is + non-nil, entries in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate + a unique name ONLY IF the Name field has not been provided. If this + field is used, the name returned to the client will be different than + the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make + the value unique on the server. If this field is specified and the + generated name exists, the server will NOT return a 409 - instead, + it will either return 201 Created or 500 with Reason ServerTimeout + indicating a unique name could not be found in the time allotted, + and the client should retry (optionally after the time indicated in + the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired + state. Populated by the system. Read-only. 
+ type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. 
+ type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. 
+ type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating + resources, although some resources may allow a client to request the + generation of an appropriate name automatically. Name is primarily + intended for creation idempotence and configuration definition. Cannot + be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" + is the canonical representation. Not all objects are required to be + scoped to a namespace - the value of this field for those objects + will be empty. Must be a DNS_LABEL. Cannot be updated. 
+ type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list + have been deleted, this object will be garbage collected. If this + object is managed by a controller, then an entry in this list will + point to this controller, with the controller field set to true. There + cannot be more than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object + that can be used by clients to determine when objects have changed. + May be used for optimistic concurrency, change detection, and the + watch operation on a resource or set of resources. Clients must treat + these values as opaque and passed unmodified back to the server. They + may only be valid for a particular resource or set of resources. Populated + by the system. Read-only. Value must be treated as opaque by clients + and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. + Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. 
It is typically + generated by the server on successful creation of a resource and is + not allowed to change on PUT operations. Populated by the system. + Read-only. + type: str + rules: + description: + - Rules holds all the PolicyRules for this Role + type: list + contains: + api_groups: + description: + - APIGroups is the name of the APIGroup that contains the resources. + If multiple API groups are specified, any action requested against + one of the enumerated resources in any API group will be allowed. + type: list + contains: str + non_resource_ur_ls: + description: + - NonResourceURLs is a set of partial urls that a user should have access + to. *s are allowed, but only as the full, final step in the path Since + non-resource URLs are not namespaced, this field is only applicable + for ClusterRoles referenced from a ClusterRoleBinding. Rules can either + apply to API resources (such as "pods" or "secrets") or non-resource + URL paths (such as "/api"), but not both. + type: list + contains: str + resource_names: + description: + - ResourceNames is an optional white list of names that the rule applies + to. An empty set means that everything is allowed. + type: list + contains: str + resources: + description: + - Resources is a list of resources this rule applies to. ResourceAll + represents all resources. + type: list + contains: str + verbs: + description: + - Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions + contained in this rule. VerbAll represents all kinds. + type: list + contains: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: + - Standard object's metadata. 
+ type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this object that + can be used by clients to determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified back to the server. + Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('role_list', 'V1beta1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v1beta1_self_subject_access_review.py b/library/k8s_v1beta1_self_subject_access_review.py index e2d8bba0..dca73a1a 100644 --- a/library/k8s_v1beta1_self_subject_access_review.py +++ b/library/k8s_v1beta1_self_subject_access_review.py @@ -134,7 +134,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
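Review bot: in main() of the new library/k8s_v1beta1_role_list.py, the init fallback `raise Exception(exc.message)` depends on KubernetesAnsibleException carrying a `message` attribute, which ordinary Python 3 exceptions do not have, so a failed helper init could surface as an AttributeError instead of the real cause. The second handler in the same function already uses `str(exc)`; using it in both places would be consistent. In the same file's DOCUMENTATION block, `verify_ssl` is listed with `type: bool` but no `default:`, so a reader cannot tell whether certificate verification is on when the option is omitted; please document the default. The `host` and `force` descriptions also carry typos ("acessing", "will updated").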
@@ -240,6 +240,150 @@ self_subject_access_review: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -275,6 +419,14 @@ self_subject_access_review: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1beta1_stateful_set.py b/library/k8s_v1beta1_stateful_set.py index 9cf0c2bc..a0158419 100644 --- a/library/k8s_v1beta1_stateful_set.py +++ b/library/k8s_v1beta1_stateful_set.py 
@@ -76,15 +76,35 @@ options: - Provide the YAML definition for the object, bypassing any modules parameters intended to define object attributes. type: dict + spec_pod_management_policy: + description: + - podManagementPolicy controls how pods are created during initial scale up, when + replacing pods on nodes, or when scaling down. The default policy is `OrderedReady`, + where pods are created in increasing order (pod-0, then pod-1, etc) and the + controller will wait until each pod is ready before continuing. When scaling + down, the pods are removed in the opposite order. The alternative policy is + `Parallel` which will create pods in parallel to match the desired scale without + waiting, and on scale down will delete all pods at once. + aliases: + - pod_management_policy spec_replicas: description: - - Replicas is the desired number of replicas of the given Template. These are + - replicas is the desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template, but individual replicas also have a consistent identity. If unspecified, defaults to 1. aliases: - replicas type: int + spec_revision_history_limit: + description: + - revisionHistoryLimit is the maximum number of revisions that will be maintained + in the StatefulSet's revision history. The revision history consists of all + revisions not represented by a currently applied StatefulSetSpec version. The + default value is 10. + aliases: + - revision_history_limit + type: int spec_selector_match_expressions: description: - matchExpressions is a list of label selector requirements. The requirements 
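Review bot: the added `spec_pod_management_policy` option declares neither `type:` nor `choices:`, although its description names exactly two accepted values, `OrderedReady` and `Parallel`; the `spec_revision_history_limit` option added in this same hunk does declare `type: int`. Adding `type: str` and a `choices:` list with those two values would document the accepted input the same way `state` does elsewhere in these modules. The defaults for the new options ("The default policy is `OrderedReady`", "The default value is 10") are stated only in prose; if they are server-side defaults and not module defaults, saying so in the description would avoid confusion.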
@@ -103,7 +123,7 @@ options: type: dict spec_service_name: description: - - 'ServiceName is the name of the service that governs this StatefulSet. This + - 'serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller.' 
@@ -140,6 +160,98 @@ options: aliases: - active_deadline_seconds type: int + spec_template_spec_affinity_node_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_node_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms: + description: + - Required. A list of node selector terms. The terms are ORed. + aliases: + - affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms + type: list + spec_template_spec_affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. 
+ aliases: + - affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' + aliases: + - affinity_pod_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the anti-affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' 
+ aliases: + - affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account token should + be automatically mounted. + aliases: + - automount_service_account_token + type: bool spec_template_spec_containers: description: - List of containers belonging to the pod. Containers cannot currently be added @@ -149,10 +261,18 @@ options: type: list spec_template_spec_dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' or 'Default'. - Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have DNS options + set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. aliases: - dns_policy + spec_template_spec_host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be injected into + the pod's hosts file if specified. This is only valid for non-hostNetwork pods. + aliases: + - host_aliases + type: list spec_template_spec_host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
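Review bot: in the hunk at -140,6 +160,98, the descriptions of spec_template_spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution and of its pod_anti_affinity counterpart open with "NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented." and carry a Go field declaration (RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm with its json tag) ahead of the real text. A user reading the option help is told the option does nothing and that the system "will try to eventually evict the pod", which the second half of the same description contradicts with "may or may not try". Drop everything up to and including the json tag so that only the IgnoredDuringExecution paragraph remains. In the same hunk, spec_template_spec_automount_service_account_token does not say what happens when the option is left unset; since it decides whether a service account token is placed in the pod, the description should state that.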
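Review bot: in the hunk at -149,10 +261,18, spec_template_spec_dns_policy now documents three accepted values ('ClusterFirstWithHostNet', 'ClusterFirst', 'Default') but the option still has only a description and an alias, so a misspelt policy is not caught until the API server rejects it. Suggest listing the three values as choices. The new spec_template_spec_host_aliases says it is "only valid for non-hostNetwork pods" without saying what the module does when host aliases and host networking are both set; one sentence on whether that is rejected or ignored would help.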
@@ -188,6 +308,21 @@ options: aliases: - image_pull_secrets type: list + spec_template_spec_init_containers: + description: + - List of initialization containers belonging to the pod. Init containers are + executed in order prior to containers being started. If any init container fails, + the pod is considered to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be unique among all + containers. Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container are taken + into account during scheduling by finding the highest request/limit for each + resource type, and then using the max of of that value or the sum of the normal + containers. Limits are applied to init containers in a similar fashion. Init + containers cannot currently be added or removed. Cannot be updated. + aliases: + - init_containers + type: list spec_template_spec_node_name: description: - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, @@ -209,6 +344,12 @@ options: Never. Default to Always. aliases: - restart_policy + spec_template_spec_scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. If not specified, + the pod will be dispatched by default scheduler. + aliases: + - scheduler_name spec_template_spec_security_context_fs_group: description: - "A special supplemental group that applies to all containers in a pod. Some\ 
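Review bot: in the hunk at -188,6 +308,21, the spec_template_spec_init_containers description reads "using the max of of that value or the sum of the normal containers"; the duplicated "of" should go, and the sentence would be easier to follow if it said what the sum is taken over (the same resource type across the normal containers).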
@@ -297,15 +438,32 @@ options: aliases: - termination_grace_period_seconds type: int + spec_template_spec_tolerations: + description: + - If specified, the pod's tolerations. + aliases: + - tolerations + type: list spec_template_spec_volumes: description: - List of volumes that can be mounted by containers belonging to the pod. aliases: - volumes type: list + spec_update_strategy_rolling_update_partition: + description: + - Partition indicates the ordinal at which the StatefulSet should be partitioned. + aliases: + - update_strategy_rolling_update_partition + type: int + spec_update_strategy_type: + description: + - Type indicates the type of the StatefulSetUpdateStrategy. + aliases: + - update_strategy_type spec_volume_claim_templates: description: - - VolumeClaimTemplates is a list of claims that pods are allowed to reference. + - volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) volumeMount in one container in the @@ -345,7 +503,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
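Review bot: in the hunk at -297,15 +438,32, spec_update_strategy_type is described only as "Type indicates the type of the StatefulSetUpdateStrategy.", which names no accepted value and no default, unlike the dns_policy and restart_policy descriptions elsewhere in this file that enumerate theirs. List the accepted strategy names and the default. spec_update_strategy_rolling_update_partition has the same gap: it says the set is partitioned at an ordinal but not which side of that ordinal gets updated.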
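Review bot: in the hunk at -345,7 +503,7, the requirement goes from an exact pin on kubernetes 1.0.0 to an exact pin on 3.0.0, and nothing in the hunk tells a user what breaks with a different client installed. An exact "==" pin also keeps users off any later release of the client, fixes included. If the module needs exactly this client generation, say why in the description; otherwise consider a version range, and in either case have the module check the installed client version and fail with a clear message rather than an attribute error deep in a call.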
@@ -467,6 +625,150 @@ stateful_set: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -502,6 +804,14 @@ stateful_set: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
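Review bot: in the hunk at -467,6 +625,150, the description of initializers.result.details.causes.field runs its two examples together as 'Examples: "name" - the field "name" on the current resource "items[0].name" - the field "name" on the first array entry in "items"', so it is not clear where one example ends and the next begins. Suggest separating them, for example one description list entry per example. The same text recurs in the hunk at -689,6 +1017,158 and needs the same change.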
@@ -543,16 +853,34 @@ stateful_set: - Spec defines the desired identities of pods in this set. type: complex contains: + pod_management_policy: + description: + - podManagementPolicy controls how pods are created during initial scale + up, when replacing pods on nodes, or when scaling down. The default policy + is `OrderedReady`, where pods are created in increasing order (pod-0, + then pod-1, etc) and the controller will wait until each pod is ready + before continuing. When scaling down, the pods are removed in the opposite + order. The alternative policy is `Parallel` which will create pods in + parallel to match the desired scale without waiting, and on scale down + will delete all pods at once. + type: str replicas: description: - - Replicas is the desired number of replicas of the given Template. These + - replicas is the desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template, but individual replicas also have a consistent identity. If unspecified, defaults to 1. type: int + revision_history_limit: + description: + - revisionHistoryLimit is the maximum number of revisions that will be maintained + in the StatefulSet's revision history. The revision history consists of + all revisions not represented by a currently applied StatefulSetSpec version. + The default value is 10. + type: int selector: description: - - Selector is a label query over pods that should match the replica count. + - selector is a label query over pods that should match the replica count. If empty, defaulted to labels on the pod template. type: complex contains: 
@@ -589,7 +917,7 @@ stateful_set: contains: str, str service_name: description: - - 'ServiceName is the name of the service that governs this StatefulSet. + - 'serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where @@ -597,7 +925,7 @@ stateful_set: type: str template: description: - - Template is the object that describes the pod that will be created if + - template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet. 
@@ -689,6 +1017,158 @@ stateful_set: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -726,6 +1206,14 @@ stateful_set: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -777,6 +1265,493 @@ stateful_set: it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. 
+ type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to an update), the system may or may + not try to eventually evict the pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. 
The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is + the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. 
+ type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. 
For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system will try to eventually evict the pod + from its node. When there are multiple elements, the lists + of nodes corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot currently @@ -848,11 +1823,17 @@ stateful_set: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -881,8 +1862,7 @@ stateful_set: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -901,6 +1881,53 @@ stateful_set: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -977,8 +2004,7 @@ stateful_set: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
@@ -990,13 +2016,17 @@ stateful_set: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is terminated. @@ -1059,8 +2089,7 @@ stateful_set: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1072,13 +2101,17 @@ stateful_set: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be restarted @@ -1142,8 +2175,7 @@ stateful_set: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1171,13 +2203,17 @@ stateful_set: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults 
@@ -1289,8 +2325,7 @@ stateful_set: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1318,13 +2353,17 @@ stateful_set: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -1340,7 +2379,7 @@ stateful_set: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -1348,10 +2387,10 @@ stateful_set: to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
@@ -1452,7 +2491,20 @@ stateful_set: \ termination message will be written is mounted into the\ \ container's filesystem. Message written is intended to be\ \ brief final status, such as an assertion failure message.\ - \ Defaults to /dev/termination-log. Cannot be updated." + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: str tty: description: @@ -1492,9 +2544,27 @@ stateful_set: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have + DNS options set along with hostNetwork, you have to specify DNS + policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be + injected into the pod's hosts file if specified. This is only + valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
@@ -1527,6 +2597,805 @@ stateful_set: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init containers + are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and + is handled according to its restartPolicy. The name for an init + container or normal container must be unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container + are taken into account during scheduling by finding the highest + request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are + applied to init containers in a similar fashion. Init containers + cannot currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is used\ + \ if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a variable\ + \ cannot be resolved, the reference in the input string will\ + \ be unchanged. The $(VAR_NAME) syntax can be escaped with\ + \ a double $$, ie: $$(VAR_NAME). Escaped references will never\ + \ be expanded, regardless of whether the variable exists or\ + \ not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided. Variable\ + \ references $(VAR_NAME) are expanded using the container's\ + \ environment. If a variable cannot be resolved, the reference\ + \ in the input string will be unchanged. The $(VAR_NAME) syntax\ + \ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. 
Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. Cannot + be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using the + previous defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot be + used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API + version. + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must be + a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. 
Defaults + to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container is created. + If the handler fails, the container is terminated and + restarted according to its restart policy. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is terminated. + The container is terminated after the handler completes. + The reason for termination is passed to the handler. Regardless + of the outcome of the handler, the container is eventually + terminated. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be restarted + if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be updated. 
+ type: str + ports: + description: + - List of ports to expose from the container. Exposing a port + here gives the system additional information about the network + connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from + being exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible from + the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. This + must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, this + must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have a unique + name. Name for the port that can be referred to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container will + be removed from service endpoints if the probe fails. Cannot + be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. 
Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. 
Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to + an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. + Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. + type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, + no such validation will be performed. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. If + unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the container. + type: str + role: + description: + - Role is a SELinux role label that applies to the container. + type: str + type: + description: + - Type is a SELinux type label that applies to the container. + type: str + user: + description: + - User is a SELinux user label that applies to the container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from stdin + in the container will always result in EOF. Default is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. When stdin is + true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client attaches + to stdin, and then remains open and accepts data until the + client disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag is false, + a container processes that reads from stdin will never receive + an EOF. 
Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into the\ + \ container's filesystem. Message written is intended to be\ + \ brief final status, such as an assertion failure message.\ + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, also + requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. Cannot + be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should be + mounted. Must not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's volume + should be mounted. Defaults to "" (volume's root). + type: str + working_dir: + description: + - Container's working directory. 
If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific node. @@ -1545,6 +3414,11 @@ stateful_set: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
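Review bot: in the container fields added by the large hunk that ends just above the `@@ -1545,6 +3414,11 @@` header, the `security_context` description reads 'Security options the pod should run with. More info:' and then stops, so the reference it introduces is missing. Either restore the link the sentence points to or drop the trailing 'More info:'. The same hunk has two smaller slips in `stdin_once`: 'a container processes that reads from stdin' should be 'a container process that reads from stdin', and the closing 'Default is false' lacks its full stop.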
@@ -1641,6 +3515,46 @@ stateful_set: longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means match + all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. Valid + operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it is not set, which + means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by + the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If the + operator is Exists, the value should be empty, otherwise just + a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging to 
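Review bot: in `tolerations`, `key` says an empty key requires `operator` to be Exists, while `operator` says it 'Defaults to Equal', so the text never states what happens when both are left unset. Because an empty key with Exists is described as matching 'all values and all keys', it would help to say in `key` that this combination makes the pod tolerate every taint, and to say in `operator` that the Equal default only applies with a non-empty key.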
@@ -1704,6 +3618,13 @@ stateful_set: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed availability + set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will force @@ -1813,9 +3734,9 @@ stateful_set: the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in - the ConfigMap, the volume setup will error. Paths must - be relative and may not contain the '..' path or start - with '..'. + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. type: list contains: key: @@ -1841,6 +3762,10 @@ stateful_set: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that should @@ -1909,8 +3834,7 @@ stateful_set: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
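Review bot: the `kind` description added under `@@ -1704,6 +3618,13 @@` runs its three accepted values together in one sentence with no separators and misspells 'multiple' as 'mulitple'. It also ends with 'defaults to shared' in lower case although the value is introduced as 'Shared'. Suggest one description item per value and a default whose case matches the value name.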
@@ -1927,6 +3851,15 @@ stateful_set: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified here and + the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached to @@ -2101,6 +4034,14 @@ stateful_set: a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -2121,11 +4062,27 @@ stateful_set: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or + ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port 
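Review bot: in the iSCSI hunks, `chap_auth_discovery` and `chap_auth_session` are described only as 'whether support iSCSI Discovery CHAP authentication' and 'whether support iSCSI Session CHAP authentication', and `secret_ref` only as 'CHAP secret for iSCSI target and initiator authentication'; none of the three says how they relate. Please state in the flag descriptions whether `secret_ref` must be set when they are true, and fix their grammar ('Whether to support ...').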
@@ -2187,6 +4144,209 @@ stateful_set: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted + on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and downward + API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must be + a value between 0 and 0777. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must + be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only + annotations, labels, name and namespace are + supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not be absolute\ + \ or contain the '..' path. Must be utf-8\ + \ encoded. 
The first item of the relative\ + \ path must not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only + resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the Secret, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must be + defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
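Review bot: `default_mode` and each `mode` under `projected` are typed `int` but documented as 'a value between 0 and 0777', which leaves open whether a playbook should write the octal literal or its decimal value. These bits set the permissions on projected Secret and ConfigMap files, so a misread value changes who can read them; please state the expected notation. In the same hunk the ConfigMap `optional` text has 'it's keys' where the Secret one has 'its key'; both should use 'its'.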
@@ -2269,6 +4429,67 @@ stateful_set: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and + mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage + (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and + other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick + or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
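Review bot: `ssl_enabled` under `scale_io` is documented as 'Flag to enable/disable SSL communication with Gateway, default false', while `secret_ref` in the same block holds the 'ScaleIO user and other sensitive information' needed for login. The description should say plainly that the default leaves Gateway communication without SSL, and it should use the 'Defaults to false.' wording of the neighbouring `read_only` field.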
@@ -2291,8 +4512,9 @@ stateful_set: If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, - the volume setup will error. Paths must be relative and - may not contain the '..' path or start with '..'. + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. type: list contains: key: 
@@ -2314,10 +4536,58 @@ stateful_set: not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the + StorageOS API credentials. If not specified, default values + will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within + StorageOS. If no namespace is specified then the Pod's + namespace will be used. This allows the Kubernetes name + scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and mounted 
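Review bot: `secret_ref` under `storageos` says 'If not specified, default values will be attempted' without naming those values, so a reader cannot tell which credentials the StorageOS API call uses when the secret is omitted. Please name the fallback or say where it is defined. `volume_namespace` has a similar gap: 'Set VolumeName to any name to override the default behaviour' does not say which behaviour is overridden.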
@@ -2330,13 +4600,42 @@ stateful_set: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk type: str + update_strategy: + description: + - updateStrategy indicates the StatefulSetUpdateStrategy that will be employed + to update Pods in the StatefulSet when a revision is made to Template. + type: complex + contains: + rolling_update: + description: + - RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType. + type: complex + contains: + partition: + description: + - Partition indicates the ordinal at which the StatefulSet should + be partitioned. + type: int + type: + description: + - Type indicates the type of the StatefulSetUpdateStrategy. + type: str volume_claim_templates: description: - - VolumeClaimTemplates is a list of claims that pods are allowed to reference. + - volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) volumeMount in one 
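Review bot: `update_strategy.type` is described as 'Type indicates the type of the StatefulSetUpdateStrategy' and never lists the accepted strings, while `rolling_update` refers to the Go constant 'RollingUpdateStatefulSetStrategyType' rather than the value a user writes. Please list the accepted values in `type` and refer to that value in `rolling_update`. `partition` would also benefit from one sentence on which side of the ordinal is updated.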
@@ -2442,6 +4741,158 @@ stateful_set: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -2479,6 +4930,14 @@ stateful_set: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. @@ -2539,7 +4998,7 @@ stateful_set: description: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources 
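Review bot: changing `contains: str, ResourceQuantity` to `contains: str, str` for `limits` drops the only hint that the values are resource quantities rather than free-form strings. Add a short phrase to the 'Limits describes the maximum amount of compute resources allowed.' description saying the values are quantity strings; the same applies to the `requests` and `capacity` changes in the hunks that follow.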
@@ -2547,7 +5006,7 @@ stateful_set: to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str selector: description: - A label query over volumes to consider for binding. @@ -2585,6 +5044,10 @@ stateful_set: array contains only "value". The requirements are ANDed. type: complex contains: str, str + storage_class_name: + description: + - Name of the StorageClass required by the claim. + type: str volume_name: description: - VolumeName is the binding reference to the PersistentVolume backing @@ -2606,7 +5069,7 @@ stateful_set: description: - Represents the actual resources of the underlying volume. type: complex - contains: str, ResourceQuantity + contains: str, str phase: description: - Phase represents the current phase of PersistentVolumeClaim. 
@@ -2617,13 +5080,40 @@ stateful_set: out of date by some window of time. type: complex contains: + current_replicas: + description: + - currentReplicas is the number of Pods created by the StatefulSet controller + from the StatefulSet version indicated by currentRevision. + type: int + current_revision: + description: + - currentRevision, if not empty, indicates the version of the StatefulSet + used to generate Pods in the sequence [0,currentReplicas). + type: str observed_generation: description: - - most recent generation observed by this autoscaler. + - observedGeneration is the most recent generation observed for this StatefulSet. + It corresponds to the StatefulSet's generation, which is updated on mutation + by the API Server. + type: int + ready_replicas: + description: + - readyReplicas is the number of Pods created by the StatefulSet controller + that have a Ready Condition. type: int replicas: description: - - Replicas is the number of actual replicas. + - replicas is the number of Pods created by the StatefulSet controller. + type: int + update_revision: + description: + - updateRevision, if not empty, indicates the version of the StatefulSet + used to generate Pods in the sequence [replicas-updatedReplicas,replicas) + type: str + updated_replicas: + description: + - updatedReplicas is the number of Pods created by the StatefulSet controller + from the StatefulSet version indicated by updateRevision. type: int ''' diff --git a/library/k8s_v1beta1_stateful_set_list.py b/library/k8s_v1beta1_stateful_set_list.py index 03925d0e..14cb4426 100644 --- a/library/k8s_v1beta1_stateful_set_list.py +++ b/library/k8s_v1beta1_stateful_set_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
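Review bot: the first hunk for k8s_v1beta1_stateful_set_list.py removes the `namespace` option from the documentation, and nothing visible here says how the list is scoped afterwards. If the argument is gone from the module as well, the list can no longer be limited to one namespace, which would widen the read permission the connecting account needs; please document the new scope, or keep the option text if the module still accepts it.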
@@ -208,6 +204,153 @@ stateful_set_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -244,6 +387,14 @@ stateful_set_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
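Review bot: The `initializers` description added at the top of this block (hunk -208,6 +204,153) says uninitialized objects are hidden from clients "that haven't explicitly asked to observe uninitialized objects", but nothing here says whether this module asks for them, so a reader cannot tell whether `pending` or `result` can ever be non-empty in the returned data. Please add a sentence stating which it is. If the module never writes this list, "Only privileged users may set or modify this list" would also read better with the "Populated by the system. Read-only." wording used by the context line just above it.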
@@ -288,16 +439,34 @@ stateful_set_list: - Spec defines the desired identities of pods in this set. type: complex contains: + pod_management_policy: + description: + - podManagementPolicy controls how pods are created during initial scale + up, when replacing pods on nodes, or when scaling down. The default + policy is `OrderedReady`, where pods are created in increasing order + (pod-0, then pod-1, etc) and the controller will wait until each pod + is ready before continuing. When scaling down, the pods are removed + in the opposite order. The alternative policy is `Parallel` which + will create pods in parallel to match the desired scale without waiting, + and on scale down will delete all pods at once. + type: str replicas: description: - - Replicas is the desired number of replicas of the given Template. + - replicas is the desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template, but individual replicas also have a consistent identity. If unspecified, defaults to 1. type: int + revision_history_limit: + description: + - revisionHistoryLimit is the maximum number of revisions that will + be maintained in the StatefulSet's revision history. The revision + history consists of all revisions not represented by a currently applied + StatefulSetSpec version. The default value is 10. + type: int selector: description: - - Selector is a label query over pods that should match the replica + - selector is a label query over pods that should match the replica count. If empty, defaulted to labels on the pod template. type: complex contains: 
@@ -334,7 +503,7 @@ stateful_set_list: contains: str, str service_name: description: - - 'ServiceName is the name of the service that governs this StatefulSet. + - 'serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local @@ -342,7 +511,7 @@ stateful_set_list: type: str template: description: - - Template is the object that describes the pod that will be created + - template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet. 
@@ -439,6 +608,162 @@ stateful_set_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system + invariant at object creation time. This field is a list of + initializers that have not yet acted on this object. If nil + or empty, this object has been completely initialized. Otherwise, + the object is considered uninitialized and is hidden (in list/watch + and get calls) from clients that haven't explicitly asked + to observe uninitialized objects. When an object is created, + the system will populate this list with the current set of + initializers. Only privileged users may set or modify this + list. Once it is empty, it may not be modified further by + any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in + order before this object is visible. When the last pending + initializer is removed, and no failing result is set, + the initializers struct will be set to nil and the object + is considered as initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will + be persisted to storage and then deleted, ensuring that + other clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not + set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is + optional and the data returned is not guaranteed to + conform to any schema except that defined by the reason + type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused + this error, as named by its JSON serialization. + May include dot and postfix notation for nested + attributes. Arrays are zero-indexed. Fields + may appear more than once in an array of causes + due to fields having multiple errors. Optional. + Examples: "name" - the field "name" on the + current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause + of the error. This field may be presented + as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause + of the error. If this value is empty there + is no information available. + type: str + group: + description: + - The group attribute of the resource associated + with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated + with the status StatusReason. On some operations + may differ from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated + with the status StatusReason (when there is a + single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from + the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this + operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to + determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified + back to the server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation + is in the "Failure" status. If this value is empty + there is no information available. A Reason clarifies + an HTTP status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize @@ -477,6 +802,15 @@ stateful_set_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. Defaults to false. + To set this field, a user needs "delete" permission of + the owner, otherwise 422 (Unprocessable Entity) will be + returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -529,6 +863,510 @@ stateful_set_list: try to mark it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by + this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies + to. + type: str + operator: + description: + - Represents a key's relationship to a set + of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must + be non-empty. If the operator is Exists + or DoesNotExist, the values array must + be empty. If the operator is Gt or Lt, + the values array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. 
+ type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the + system may or may not try to eventually evict the + pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies + to. + type: str + operator: + description: + - Represents a key's relationship to a set + of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must + be non-empty. If the operator is Exists + or DoesNotExist, the values array must + be empty. If the operator is Gt or Lt, + the values array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by + this field, but it may choose a node that violates + one or more of the expressions. 
The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) with the + highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with + the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in + this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the + labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + For PreferredDuringScheduling pod anti-affinity, + empty topologyKey is interpreted as "all topologies" + ("all topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not + allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it + is implemented. If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system will try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must + be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some + other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by + iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches + the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. 
A pod affinity term, associated with + the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in + this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the + labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. 
+ For PreferredDuringScheduling pod anti-affinity, + empty topologyKey is interpreted as "all topologies" + ("all topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not + allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it + is implemented. If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this + field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system will + try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this + field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot @@ -602,11 +1440,17 @@ stateful_set_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key + must be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -636,8 +1480,7 @@ stateful_set_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
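Review bot: In the affinity hunk (-529,6 +863,510), the description of `required_during_scheduling_ignored_during_execution` under both `pod_affinity` and `pod_anti_affinity` opens with "NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented." and embeds a Go declaration for `RequiredDuringSchedulingRequiredDuringExecution`, which is the comment of a different, commented-out field. A reader will take the documented field to be unimplemented, and the first half ("the system will try to eventually evict the pod") contradicts the second ("may or may not try"). Keep only the second copy of the text, from the sentence after the Go declaration onward. Same hunk: "Valid operators ard In" should be "are", "DoesNotExist. Gt, and Lt." should use a comma, and `automount_service_account_token` does not say what happens when the field is unset, which is the case someone hardening a pod spec needs spelled out.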
@@ -656,6 +1499,53 @@ stateful_set_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must + be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the + container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an + event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the + ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -734,8 +1624,7 @@ stateful_set_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. 
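Review bot: The `port` entry in the last hunk here (-734,8 +1624,7) is now `type: str`, yet its description still reads "Name or number of the port to access on the container. Number must be in the range 1 to 65535." Please say in the description how a numeric port is represented (integer or numeric string), because a caller comparing the returned value against a number needs to know; the same change repeats for every `port` in the hunks that follow. In the `env_from` hunk before it (-656,6 +1499,53), "identifer" should be "identifier" and "it's key" should be "its key".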
@@ -747,13 +1636,17 @@ stateful_set_list: port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is @@ -817,8 +1710,7 @@ stateful_set_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. @@ -830,13 +1722,17 @@ stateful_set_list: port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be @@ -901,8 +1797,7 @@ stateful_set_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -930,13 +1825,17 @@ stateful_set_list: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. 
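Review bot: The new `host` field is added to `tcp_socket` directly under a description that still ends "TCP hooks not yet supported", in all three hunks that add it here (-747,13, -830,13 and -930,13). With that sentence left in place a reader cannot tell whether `host` is honoured at all. Either drop the sentence where it no longer applies, or state next to `host` that it has no effect until TCP hooks are supported.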
@@ -1052,8 +1951,7 @@ stateful_set_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1081,13 +1979,17 @@ stateful_set_list: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. @@ -1104,7 +2006,7 @@ stateful_set_list: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -1112,10 +2014,10 @@ stateful_set_list: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
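Review bot: The `security_context` description in the last hunk (-1112,10 +2014,10) now ends with a dangling "More info:" and no link after it. Either restore the URL that belongs there or keep the previous wording "Security options the pod should run with."; as written the entry sends readers nowhere. In the same hunk and the one before it, `contains: str, ResourceQuantity` becomes `contains: str, str` for `requests` and `limits`; the descriptions should then say what format the quantity string takes.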
@@ -1221,8 +2123,21 @@ stateful_set_list: \ termination message will be written is mounted into\ \ the container's filesystem. Message written is intended\ \ to be brief final status, such as an assertion failure\ - \ message. Defaults to /dev/termination-log. Cannot be\ - \ updated." + \ message. Will be truncated by the node if greater than\ + \ 4096 bytes. The total message length across all containers\ + \ will be limited to 12kb. Defaults to /dev/termination-log.\ + \ Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to + populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. type: str tty: description: @@ -1263,9 +2178,27 @@ stateful_set_list: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To + have DNS options set along with hostNetwork, you have to specify + DNS policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will + be injected into the pod's hosts file if specified. This is + only valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
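Review bot: under `host_aliases` in the hunk at `@@ -1263,9 +2178,27 @@`, the `hostnames` description says "Hostnames for the above IP address", but in this alphabetised schema `ip` is listed after `hostnames`, so "above" points at nothing. Suggest "Hostnames for the IP address given in ip." The `dns_policy` text in the same hunk mixes quoting styles ('ClusterFirst' and "ClusterFirst") for the same value; pick one so the literal a user has to type is unambiguous.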
@@ -1299,6 +2232,825 @@ stateful_set_list: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init + containers are executed in order prior to containers being + started. If any init container fails, the pod is considered + to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be + unique among all containers. Init containers may not have + Lifecycle actions, Readiness probes, or Liveness probes. The + resourceRequirements of an init container are taken into account + during scheduling by finding the highest request/limit for + each resource type, and then using the max of of that value + or the sum of the normal containers. Limits are applied to + init containers in a similar fashion. Init containers cannot + currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is\ + \ used if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a\ + \ variable cannot be resolved, the reference in the input\ + \ string will be unchanged. The $(VAR_NAME) syntax can\ + \ be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided.\ + \ Variable references $(VAR_NAME) are expanded using the\ + \ container's environment. If a variable cannot be resolved,\ + \ the reference in the input string will be unchanged.\ + \ The $(VAR_NAME) syntax can be escaped with a double\ + \ $$, ie: $$(VAR_NAME). Escaped references will never\ + \ be expanded, regardless of whether the variable exists\ + \ or not. 
Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. + Cannot be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using + the previous defined environment variables in the + container and any service environment variables. If + a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot + be used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key + must be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently + supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must + be a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must + be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the + container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an + event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the + ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. 
+ Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container + is created. If the handler fails, the container is + terminated and restarted according to its restart + policy. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run + inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP + allows repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. 
+ type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is + terminated. The container is terminated after the + handler completes. The reason for termination is passed + to the handler. Regardless of the outcome of the handler, + the container is eventually terminated. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run + inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP + allows repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be + restarted if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started + before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be + updated. 
+ type: str + ports: + description: + - List of ports to expose from the container. Exposing a + port here gives the system additional information about + the network connections a container uses, but is primarily + informational. Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which is listening + on the default "0.0.0.0" address inside a container will + be accessible from the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If + HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have + a unique name. Name for the port that can be referred + to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to + "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. + Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. 
Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started + before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. 
Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be + updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted + by the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the + host. Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. + type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image + at runtime to ensure that it does not run as UID 0 + (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. 
+ type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate + a random SELinux context for each container. May also + be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the + container. + type: str + role: + description: + - Role is a SELinux role label that applies to the + container. + type: str + type: + description: + - Type is a SELinux type label that applies to the + container. + type: str + user: + description: + - User is a SELinux user label that applies to the + container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default + is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple + attach sessions. If stdinOnce is set to true, stdin is + opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If + this flag is false, a container processes that reads from + stdin will never receive an EOF. 
Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into\ + \ the container's filesystem. Message written is intended\ + \ to be brief final status, such as an assertion failure\ + \ message. Will be truncated by the node if greater than\ + \ 4096 bytes. The total message length across all containers\ + \ will be limited to 12kb. Defaults to /dev/termination-log.\ + \ Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to + populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, + also requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should + be mounted. Must not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's + root). + type: str + working_dir: + description: + - Container's working directory. 
If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific @@ -1317,6 +3069,11 @@ stateful_set_list: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
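Review bot: in the `init_containers` hunk (`@@ -1299,6 +2232,825 @@`), the top-level description states "Init containers may not have Lifecycle actions, Readiness probes, or Liveness probes", yet the added schema documents `lifecycle`, `liveness_probe` and `readiness_probe` in full under `init_containers`. Either drop those keys from the init container documentation or say explicitly that they are present in the schema but always unset. Smaller points in the same hunk: "using the max of of that value" has a duplicated word, "it's key" should be "its key", "identifer" should be "identifier", and under `readiness_probe` the `initial_delay_seconds` and `success_threshold` descriptions refer to liveness ("before liveness probes are initiated", "Must be 1 for liveness"). If this text is generated, the fixes belong in the generator's source rather than in this file.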
@@ -1415,6 +3172,46 @@ stateful_set_list: Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means + match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a + pod can tolerate all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If + the operator is Exists, the value should be empty, otherwise + just a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging 
@@ -1479,6 +3276,13 @@ stateful_set_list: "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will @@ -1591,8 +3395,9 @@ stateful_set_list: projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will - error. Paths must be relative and may not contain - the '..' path or start with '..'. + error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start + with '..'. type: list contains: key: @@ -1619,6 +3424,11 @@ stateful_set_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be + defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that @@ -1689,8 +3499,7 @@ stateful_set_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
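Review bot: the `kind` description added in the hunk at `@@ -1479,6 +3276,13 @@` runs its three values together with no separators ("Expected values Shared: mulitple blob disks per storage account Dedicated: single blob disk per storage account Managed: ..."), misspells "multiple", and states the default as lowercase "shared" while the value is listed as "Shared". Suggest separating the values with semicolons or a list and giving the default in the exact case a user must supply. The `optional` description in the `@@ -1619,6 +3424,11 @@` hunk has "it's keys" where "its keys" is meant.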
@@ -1707,6 +3516,16 @@ stateful_set_list: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir + would be the minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. The default is nil which means that the + limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached @@ -1884,6 +3703,14 @@ stateful_set_list: to a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -1904,11 +3731,27 @@ stateful_set_list: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an + IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or 
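Review bot: the `secret_ref` added in the hunk at `@@ -1904,11 +3731,27 @@` is described only as "CHAP secret for iSCSI target and initiator authentication", and the `chap_auth_discovery` and `chap_auth_session` flags added in the preceding hunk do not mention it, so the docs do not say whether `secret_ref` is required when either flag is true. Suggest cross-referencing the three keys in their descriptions, and rewording "whether support iSCSI Discovery CHAP authentication" to "Whether iSCSI discovery CHAP authentication is enabled." (likewise for session). The `portals` description mixes "IP" and "ip_addr:port"; use one form.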
@@ -1972,6 +3815,217 @@ stateful_set_list: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and + mounted on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to + be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and + downward API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must + be a value between 0 and 0777. Directories within + the path are not affected by this setting. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the + Data field of the referenced ConfigMap will + be projected into the volume as a file whose + name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, the + volume setup will error unless it is marked + optional. Paths must be relative and may not + contain the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the + key to. May not be an absolute path. May + not contain the path element '..'. May + not start with the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys + must be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: + only annotations, labels, name and namespace + are supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath + is written in terms of, defaults to + "v1". + type: str + field_path: + description: + - Path of the field to select in the + specified API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not\ + \ be absolute or contain the '..' path.\ + \ Must be utf-8 encoded. 
The first item\ + \ of the relative path must not start\ + \ with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the + exposed resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the + Data field of the referenced Secret will be + projected into the volume as a file whose + name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the + key to. May not be an absolute path. May + not contain the path element '..'. May + not start with the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must + be defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
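Review bot: `default_mode` and every `mode` under `projected` are documented as "a value between 0 and 0777" with `type: int`, but nothing says whether the value is to be written as an octal literal or as its decimal equivalent, and a wrong guess gives files projected from a Secret different permissions from the ones the author intended. Suggest naming the base in each description and giving one example value. Smaller points in the same hunk: `config_map.optional` reads "or it's keys" while `secret.optional` reads "or its key" (use "its" and one wording for both), and the portworx `fs_type` text is missing a period after "to mount".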
@@ -2055,6 +4109,68 @@ stateful_set_list: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type + supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured + storage (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user + and other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should + be thick or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
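Review bot: `scale_io.ssl_enabled` is documented as "default false" while `secret_ref` in the same block supplies the ScaleIO user "and other sensitive information" for the gateway login, so a playbook written from this text talks to `gateway` without SSL unless the author opts in. Suggest the description say that explicitly and recommend enabling it whenever `secret_ref` is set. Wording: "SecretRef references to the secret" should be "SecretRef references the secret", and `storage_mode` should list its accepted strings rather than only "thick or thin".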
@@ -2077,9 +4193,9 @@ stateful_set_list: is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is - not present in the Secret, the volume setup will error. - Paths must be relative and may not contain the '..' - path or start with '..'. + not present in the Secret, the volume setup will error + unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. type: list contains: key: 
@@ -2102,10 +4218,60 @@ stateful_set_list: path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type + supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then + the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name + to override the default behaviour. Set to "default" + if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and 
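Review bot: In `storageos.secret_ref`, "If not specified, default values will be attempted" documents a fallback to default API credentials without naming them or saying when relying on them is acceptable; suggest stating what the defaults are, or describing `secret_ref` as the expected setting. In `volume_namespace`, "Set VolumeName to any name to override the default behaviour" looks like it should refer to VolumeNamespace, and "Namespaces that do not pre-exist within StorageOS will be created" is a side effect that deserves its own sentence near the top of the description. The new `optional` description has "it's keys" for "its keys".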
@@ -2119,13 +4285,43 @@ stateful_set_list: "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk type: str + update_strategy: + description: + - updateStrategy indicates the StatefulSetUpdateStrategy that will be + employed to update Pods in the StatefulSet when a revision is made + to Template. + type: complex + contains: + rolling_update: + description: + - RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType. + type: complex + contains: + partition: + description: + - Partition indicates the ordinal at which the StatefulSet should + be partitioned. + type: int + type: + description: + - Type indicates the type of the StatefulSetUpdateStrategy. + type: str volume_claim_templates: description: - - VolumeClaimTemplates is a list of claims that pods are allowed to + - volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) 
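Review bot: `update_strategy.type` is described only as "the type of the StatefulSetUpdateStrategy" with `type: str`, so a reader cannot tell from this doc which strings are accepted; `rolling_update` names RollingUpdateStatefulSetStrategyType but not the value that selects it. Suggest listing the accepted values and the default. `partition` should also say which pods, relative to the ordinal, are updated. Casing is inconsistent within the hunk: "updateStrategy" and "volumeClaimTemplates" are lower camel case while "RollingUpdate", "Partition" and "Type" are not.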
@@ -2236,6 +4432,162 @@ stateful_set_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system + invariant at object creation time. This field is a list of + initializers that have not yet acted on this object. If nil + or empty, this object has been completely initialized. Otherwise, + the object is considered uninitialized and is hidden (in list/watch + and get calls) from clients that haven't explicitly asked + to observe uninitialized objects. When an object is created, + the system will populate this list with the current set of + initializers. Only privileged users may set or modify this + list. Once it is empty, it may not be modified further by + any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in + order before this object is visible. When the last pending + initializer is removed, and no failing result is set, + the initializers struct will be set to nil and the object + is considered as initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will + be persisted to storage and then deleted, ensuring that + other clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not + set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is + optional and the data returned is not guaranteed to + conform to any schema except that defined by the reason + type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused + this error, as named by its JSON serialization. + May include dot and postfix notation for nested + attributes. Arrays are zero-indexed. Fields + may appear more than once in an array of causes + due to fields having multiple errors. Optional. + Examples: "name" - the field "name" on the + current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause + of the error. This field may be presented + as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause + of the error. If this value is empty there + is no information available. + type: str + group: + description: + - The group attribute of the resource associated + with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated + with the status StatusReason. On some operations + may differ from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated + with the status StatusReason (when there is a + single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from + the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this + operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to + determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified + back to the server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation + is in the "Failure" status. If this value is empty + there is no information available. A Reason clarifies + an HTTP status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize @@ -2274,6 +4626,15 @@ stateful_set_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. Defaults to false. + To set this field, a user needs "delete" permission of + the owner, otherwise 422 (Unprocessable Entity) will be + returned. + type: bool controller: description: - If true, this reference points to the managing controller. @@ -2337,7 +4698,7 @@ stateful_set_list: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources 
@@ -2345,7 +4706,7 @@ stateful_set_list: to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str selector: description: - A label query over volumes to consider for binding. @@ -2385,6 +4746,10 @@ stateful_set_list: requirements are ANDed. type: complex contains: str, str + storage_class_name: + description: + - Name of the StorageClass required by the claim. + type: str volume_name: description: - VolumeName is the binding reference to the PersistentVolume @@ -2406,7 +4771,7 @@ stateful_set_list: description: - Represents the actual resources of the underlying volume. type: complex - contains: str, ResourceQuantity + contains: str, str phase: description: - Phase represents the current phase of PersistentVolumeClaim. 
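Review bot: Changing `contains: str, ResourceQuantity` to `contains: str, str` for `capacity` here (and for `limits` and `requests` in the hunks above) drops the only hint that the map values are resource quantities rather than arbitrary strings. Suggest carrying that into the description text, for example by saying the values are quantity strings, so the type change does not lose information for the reader.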
@@ -2417,13 +4782,40 @@ stateful_set_list: be out of date by some window of time. type: complex contains: + current_replicas: + description: + - currentReplicas is the number of Pods created by the StatefulSet controller + from the StatefulSet version indicated by currentRevision. + type: int + current_revision: + description: + - currentRevision, if not empty, indicates the version of the StatefulSet + used to generate Pods in the sequence [0,currentReplicas). + type: str observed_generation: description: - - most recent generation observed by this autoscaler. + - observedGeneration is the most recent generation observed for this + StatefulSet. It corresponds to the StatefulSet's generation, which + is updated on mutation by the API Server. + type: int + ready_replicas: + description: + - readyReplicas is the number of Pods created by the StatefulSet controller + that have a Ready Condition. type: int replicas: description: - - Replicas is the number of actual replicas. + - replicas is the number of Pods created by the StatefulSet controller. + type: int + update_revision: + description: + - updateRevision, if not empty, indicates the version of the StatefulSet + used to generate Pods in the sequence [replicas-updatedReplicas,replicas) + type: str + updated_replicas: + description: + - updatedReplicas is the number of Pods created by the StatefulSet controller + from the StatefulSet version indicated by updateRevision. type: int kind: description: diff --git a/library/k8s_v1beta1_storage_class.py b/library/k8s_v1beta1_storage_class.py index a6460de2..8092ac7a 100644 --- a/library/k8s_v1beta1_storage_class.py +++ b/library/k8s_v1beta1_storage_class.py @@ -115,7 +115,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -222,6 +222,150 @@ storage_class: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -257,6 +401,14 @@ storage_class: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1beta1_storage_class_list.py b/library/k8s_v1beta1_storage_class_list.py index c6a56ed7..48adfba0 100644 --- a/library/k8s_v1beta1_storage_class_list.py +++ b/library/k8s_v1beta1_storage_class_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -210,6 +206,153 @@ storage_class_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ storage_class_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1beta1_subject_access_review.py b/library/k8s_v1beta1_subject_access_review.py index bcdbd93f..21bc772c 100644 --- a/library/k8s_v1beta1_subject_access_review.py +++ b/library/k8s_v1beta1_subject_access_review.py 
@@ -153,7 +153,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
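Review bot: The requirement moves from `kubernetes == 1.0.0` to `kubernetes == 3.0.0` as an exact pin, so a user cannot install a later client release that carries fixes without violating the documented requirement, and the same literal is repeated in every module file this patch touches. If the exact match is required because the documentation is generated against that client version, say so next to the requirement; otherwise consider a bounded range, and consider defining the version in one place.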
@@ -259,6 +259,150 @@ subject_access_review: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -294,6 +438,14 @@ subject_access_review: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1beta1_third_party_resource.py b/library/k8s_v1beta1_third_party_resource.py index 1a797ffb..b3953b84 100644 --- a/library/k8s_v1beta1_third_party_resource.py +++ b/library/k8s_v1beta1_third_party_resource.py 
@@ -114,7 +114,7 @@ options: - Versions are versions for this third party object type: list requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -225,6 +225,150 @@ third_party_resource: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -260,6 +404,14 @@ third_party_resource: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1beta1_third_party_resource_list.py b/library/k8s_v1beta1_third_party_resource_list.py index e6f54358..3a6b28b6 100644 --- a/library/k8s_v1beta1_third_party_resource_list.py +++ b/library/k8s_v1beta1_third_party_resource_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -214,6 +210,153 @@ third_party_resource_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -250,6 +393,14 @@ third_party_resource_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v1beta1_token_review.py b/library/k8s_v1beta1_token_review.py index 6e2dacb8..b6ee3c1d 100644 --- a/library/k8s_v1beta1_token_review.py +++ b/library/k8s_v1beta1_token_review.py 
@@ -88,7 +88,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
@@ -194,6 +194,150 @@ token_review: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -229,6 +373,14 @@ token_review: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/k8s_v2alpha1_cron_job.py b/library/k8s_v2alpha1_cron_job.py index 26baa3fb..912e71ce 100644 --- a/library/k8s_v2alpha1_cron_job.py +++ b/library/k8s_v2alpha1_cron_job.py 
@@ -78,9 +78,16 @@ options: type: dict spec_concurrency_policy: description: - - ConcurrencyPolicy specifies how to treat concurrent executions of a Job. + - Specifies how to treat concurrent executions of a Job. Defaults to Allow. aliases: - concurrency_policy + spec_failed_jobs_history_limit: + description: + - The number of failed finished jobs to retain. This is a pointer to distinguish + between explicit zero and not specified. + aliases: + - failed_jobs_history_limit + type: int spec_job_template_metadata_annotations: description: - Annotations is an unstructured key value map stored with a resource that may @@ -121,17 +128,17 @@ options: type: int spec_job_template_spec_completions: description: - - Completions specifies the desired number of successfully finished pods the job - should be run with. Setting to nil means that the success of any pod signals - the success of all pods, and allows parallelism to have any positive value. - Setting to 1 means that parallelism is limited to 1 and the success of that - pod signals the success of the job. + - Specifies the desired number of successfully finished pods the job should be + run with. Setting to nil means that the success of any pod signals the success + of all pods, and allows parallelism to have any positive value. Setting to 1 + means that parallelism is limited to 1 and the success of that pod signals the + success of the job. aliases: - job__completions type: int spec_job_template_spec_manual_selector: description: - - ManualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` + - manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying 
@@ -143,9 +150,9 @@ options: type: bool spec_job_template_spec_parallelism: description: - - Parallelism specifies the maximum desired number of pods the job should run - at any given time. The actual number of pods running in steady state will be - less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), + - Specifies the maximum desired number of pods the job should run at any given + time. The actual number of pods running in steady state will be less than this + number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. aliases: - job__parallelism 
@@ -205,6 +212,98 @@ options: aliases: - job__active_deadline_seconds type: int + spec_job_template_spec_template_spec_affinity_node_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + aliases: + - job__affinity_node_affinity_preferred_during_scheduling_ignored_during_execution + type: list + ? spec_job_template_spec_template_spec_affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms + : description: + - Required. A list of node selector terms. The terms are ORed. + aliases: + - job__affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms + type: list + spec_job_template_spec_template_spec_affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + aliases: + - job__affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_job_template_spec_template_spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' 
+ aliases: + - job__affinity_pod_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_job_template_spec_template_spec_affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + aliases: + - job__affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_job_template_spec_template_spec_affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the anti-affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. 
If the anti-affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' + aliases: + - job__affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_job_template_spec_template_spec_automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account token should + be automatically mounted. + aliases: + - job__automount_service_account_token + type: bool spec_job_template_spec_template_spec_containers: description: - List of containers belonging to the pod. Containers cannot currently be added @@ -214,10 +313,18 @@ options: type: list spec_job_template_spec_template_spec_dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' or 'Default'. - Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have DNS options + set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. aliases: - job__dns_policy + spec_job_template_spec_template_spec_host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be injected into + the pod's hosts file if specified. This is only valid for non-hostNetwork pods. + aliases: + - job__host_aliases + type: list spec_job_template_spec_template_spec_host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
@@ -253,6 +360,21 @@ options: aliases: - job__image_pull_secrets type: list + spec_job_template_spec_template_spec_init_containers: + description: + - List of initialization containers belonging to the pod. Init containers are + executed in order prior to containers being started. If any init container fails, + the pod is considered to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be unique among all + containers. Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container are taken + into account during scheduling by finding the highest request/limit for each + resource type, and then using the max of of that value or the sum of the normal + containers. Limits are applied to init containers in a similar fashion. Init + containers cannot currently be added or removed. Cannot be updated. + aliases: + - job__init_containers + type: list spec_job_template_spec_template_spec_node_name: description: - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, @@ -274,6 +396,12 @@ options: Never. Default to Always. aliases: - job__restart_policy + spec_job_template_spec_template_spec_scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. If not specified, + the pod will be dispatched by default scheduler. + aliases: + - job__scheduler_name spec_job_template_spec_template_spec_security_context_fs_group: description: - "A special supplemental group that applies to all containers in a pod. Some\ 
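Review bot: in the `@@ -253,6 +360,21 @@` hunk, the `spec_job_template_spec_template_spec_init_containers` description has a doubled word ("using the max of of that value") and closes with two overlapping restrictions ("Init containers cannot currently be added or removed. Cannot be updated."). Suggest fixing the typo where the text is generated and stating in one sentence whether the option is honoured only at creation, since a playbook author will otherwise expect that changing the list updates the job template.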
@@ -362,6 +490,12 @@ options: aliases: - job__termination_grace_period_seconds type: int + spec_job_template_spec_template_spec_tolerations: + description: + - If specified, the pod's tolerations. + aliases: + - job__tolerations + type: list spec_job_template_spec_template_spec_volumes: description: - List of volumes that can be mounted by containers belonging to the pod. @@ -370,7 +504,7 @@ options: type: list spec_schedule: description: - - Schedule contains the schedule in Cron format, see + - The schedule in Cron format, see aliases: - schedule spec_starting_deadline_seconds: @@ -380,10 +514,17 @@ options: aliases: - starting_deadline_seconds type: int + spec_successful_jobs_history_limit: + description: + - The number of successful finished jobs to retain. This is a pointer to distinguish + between explicit zero and not specified. + aliases: + - successful_jobs_history_limit + type: int spec_suspend: description: - - Suspend flag tells the controller to suspend subsequent executions, it does - not apply to already started executions. Defaults to false. + - This flag tells the controller to suspend subsequent executions, it does not + apply to already started executions. Defaults to false. aliases: - suspend type: bool @@ -418,7 +559,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' 
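Review bot: in the `@@ -370,7 +504,7 @@` hunk, the reworded `spec_schedule` description still stops at "see" with no target ("The schedule in Cron format, see"), so the change keeps a dangling reference. Either restore the link that should follow "see" or end the sentence after "Cron format".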
@@ -525,6 +666,150 @@ cron_job: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -560,6 +845,14 @@ cron_job: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
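Review bot: in the `@@ -525,6 +666,150 @@` hunk, the added `initializers` return documentation says an uninitialized object "is hidden (in list/watch and get calls) from clients that haven't explicitly asked to observe uninitialized objects", but nothing added here says whether this module asks to observe them. Please document what `cron_job` contains while the object still has pending initializers, and how a failing `result` (the object is "persisted to storage and then deleted") shows up in the task result, so playbook authors know whether a successful create can be followed by an empty read.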
@@ -598,18 +891,21 @@ cron_job: type: str spec: description: - - Spec is a structure defining the expected behavior of a job, including the - schedule. + - Specification of the desired behavior of a cron job, including the schedule. type: complex contains: concurrency_policy: description: - - ConcurrencyPolicy specifies how to treat concurrent executions of a Job. + - Specifies how to treat concurrent executions of a Job. Defaults to Allow. type: str + failed_jobs_history_limit: + description: + - The number of failed finished jobs to retain. This is a pointer to distinguish + between explicit zero and not specified. + type: int job_template: description: - - JobTemplate is the object that describes the job that will be created - when executing a CronJob. + - Specifies the job that will be created when executing a CronJob. type: complex contains: metadata: 
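Review bot: in the `@@ -598,18 +891,21 @@` hunk, the `failed_jobs_history_limit` description says "This is a pointer to distinguish between explicit zero and not specified", which describes the Go type rather than anything a playbook author can act on. Suggest stating what an omitted value means compared with `0`. The reworded `concurrency_policy` line now says "Defaults to Allow." without naming the other accepted values; list them next to the default.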
@@ -698,6 +994,158 @@ cron_job: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -735,6 +1183,14 @@ cron_job: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -787,16 +1243,16 @@ cron_job: type: int completions: description: - - Completions specifies the desired number of successfully finished - pods the job should be run with. Setting to nil means that the - success of any pod signals the success of all pods, and allows - parallelism to have any positive value. Setting to 1 means that - parallelism is limited to 1 and the success of that pod signals - the success of the job. + - Specifies the desired number of successfully finished pods the + job should be run with. Setting to nil means that the success + of any pod signals the success of all pods, and allows parallelism + to have any positive value. Setting to 1 means that parallelism + is limited to 1 and the success of that pod signals the success + of the job. type: int manual_selector: description: - - ManualSelector controls generation of pod labels and pod selectors. + - manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the 
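Review bot: in the `@@ -787,16 +1243,16 @@` hunk, `completions` drops the leading field name ("Completions specifies" becomes "Specifies") while `manual_selector` only changes its case ("ManualSelector controls" becomes "manualSelector controls"), so two descriptions in the same hunk follow different conventions; pick one. The unchanged context line "the system pick labels unique to this job" also has a grammar slip that is worth fixing while this text is being regenerated.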
@@ -807,16 +1263,16 @@ cron_job: type: bool parallelism: description: - - Parallelism specifies the maximum desired number of pods the job - should run at any given time. The actual number of pods running - in steady state will be less than this number when ((.spec.completions - - .status.successful) < .spec.parallelism), i.e. when the work - left to do is less than max parallelism. + - Specifies the maximum desired number of pods the job should run + at any given time. The actual number of pods running in steady + state will be less than this number when ((.spec.completions - + .status.successful) < .spec.parallelism), i.e. when the work left + to do is less than max parallelism. type: int selector: description: - - Selector is a label query over pods that should match the pod - count. Normally, the system sets this field for you. + - A label query over pods that should match the pod count. Normally, + the system sets this field for you. type: complex contains: match_expressions: @@ -853,8 +1309,7 @@ cron_job: contains: str, str template: description: - - Template is the object that describes the pod that will be created - when executing a job. + - Describes the pod that will be created when executing a job. type: complex contains: metadata: 
@@ -951,6 +1406,166 @@ cron_job: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system + invariant at object creation time. This field is a list + of initializers that have not yet acted on this object. + If nil or empty, this object has been completely initialized. + Otherwise, the object is considered uninitialized and + is hidden (in list/watch and get calls) from clients that + haven't explicitly asked to observe uninitialized objects. + When an object is created, the system will populate this + list with the current set of initializers. Only privileged + users may set or modify this list. Once it is empty, it + may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute + in order before this object is visible. When the last + pending initializer is removed, and no failing result + is set, the initializers struct will be set to nil + and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object + will be persisted to storage and then deleted, ensuring + that other clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this + representation of an object. Servers should convert + recognized schemas to the latest internal value, + and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 + if not set. + type: int + details: + description: + - Extended data associated with the reason. Each + reason may define its own extended details. 
This + field is optional and the data returned is not + guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused + this error, as named by its JSON serialization. + May include dot and postfix notation for + nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an + array of causes due to fields having multiple + errors. Optional. Examples: "name" - the + field "name" on the current resource "items[0].name" + - the field "name" on the first array + entry in "items"' + type: str + message: + description: + - A human-readable description of the cause + of the error. This field may be presented + as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the + cause of the error. If this value is empty + there is no information available. + type: str + group: + description: + - The group attribute of the resource associated + with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated + with the status StatusReason. On some operations + may differ from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated + with the status StatusReason (when there is + a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the + operation should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single + resource which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this + from the endpoint the client submits requests + to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of + this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal + version of this object that can be used by + clients to determine when objects have changed. + Value must be treated as opaque by clients + and passed unmodified back to the server. + Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. + Populated by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation + is in the "Failure" status. If this value is empty + there is no information available. A Reason clarifies + an HTTP status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or + "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize @@ -989,6 +1604,15 @@ cron_job: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. Defaults + to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -1041,6 +1665,536 @@ cron_job: actively try to mark it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, + requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the + elements of this field and adding "weight" to + the sum if the node matches the corresponding + matchExpressions; the node(s) with the highest + sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the + corresponding weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies + to. + type: str + operator: + description: + - Represents a key's relationship to + a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, + and Lt. + type: str + values: + description: + - An array of string values. If the + operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator + is Gt or Lt, the values array must + have a single element, which will + be interpreted as an integer. 
This + array is replaced during a strategic + merge patch. + type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this + field are not met at scheduling time, the pod + will not be scheduled onto the node. If the affinity + requirements specified by this field cease to + be met at some point during pod execution (e.g. + due to an update), the system may or may not try + to eventually evict the pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The + terms are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies + to. + type: str + operator: + description: + - Represents a key's relationship to + a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, + and Lt. + type: str + values: + description: + - An array of string values. If the + operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator + is Gt or Lt, the values array must + have a single element, which will + be interpreted as an integer. This + array is replaced during a strategic + merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other + pod(s)). 
+ type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, + requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the + elements of this field and adding "weight" to + the sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated + with the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, + in this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label + selector requirements. The requirements + are ANDed. + type: list + contains: + key: + description: + - key is the label key that the + selector applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + This array is replaced during + a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the + matchLabels map is equivalent to an + element of matchExpressions, whose + key field is "key", the operator is + "In", and the values array contains + only "value". The requirements are + ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces + the labelSelector applies to (matches + against); null or empty list means "this + pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) + or not co-located (anti-affinity) with + the pods matching the labelSelector in + the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is + interpreted as "all topologies" ("all + topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once + it is implemented. If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this + field cease to be met at some point during pod + execution (e.g. due to a pod label update), the + system will try to eventually evict the pod from + its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this + field are not met at scheduling time, the pod + will not be scheduled onto the node. If the affinity + requirements specified by this field cease to + be met at some point during pod execution (e.g. + due to a pod label update), the system may or + may not try to eventually evict the pod from its + node. When there are multiple elements, the lists + of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in + this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the + labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + For PreferredDuringScheduling pod anti-affinity, + empty topologyKey is interpreted as "all topologies" + ("all topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not + allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. 
A pod affinity term, associated + with the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, + in this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label + selector requirements. The requirements + are ANDed. + type: list + contains: + key: + description: + - key is the label key that the + selector applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + This array is replaced during + a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} + pairs. A single {key,value} in the + matchLabels map is equivalent to an + element of matchExpressions, whose + key field is "key", the operator is + "In", and the values array contains + only "value". The requirements are + ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces + the labelSelector applies to (matches + against); null or empty list means "this + pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) + or not co-located (anti-affinity) with + the pods matching the labelSelector in + the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. 
For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is + interpreted as "all topologies" ("all + topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once + it is implemented. If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to a pod label update), + the system will try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by + this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + anti-affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may + or may not try to eventually evict the pod from + its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in + this case pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the + labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + For PreferredDuringScheduling pod anti-affinity, + empty topologyKey is interpreted as "all topologies" + ("all topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not + allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service + account token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot @@ -1115,11 +2269,17 @@ cron_job: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's + key must be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -1149,8 +2309,7 @@ cron_job: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
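Review bot: Both added `required_during_scheduling_ignored_during_execution` descriptions (affinity and anti-affinity) open with "NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented." and embed a raw Go declaration for `RequiredDuringSchedulingRequiredDuringExecution`, which is a different field from the option being documented. That text looks like source commentary leaked into user-facing documentation. Keep only the final paragraph, the one ending "the system may or may not try to eventually evict the pod from its node", so readers are not told the option is unimplemented. In the same hunk, "Valid operators ard In, NotIn, Exists and DoesNotExist" should read "are", and `automount_service_account_token` does not say what happens when it is left unset, which matters to anyone trying to keep service account tokens out of pods.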
@@ -1169,6 +2328,54 @@ cron_job: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key + must be defined + type: bool + env_from: + description: + - List of sources to populate environment variables + in the container. The keys defined within a source + must be a C_IDENTIFIER. All invalid keys will be reported + as an event when the container is starting. When a + key exists in multiple sources, the value associated + with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -1249,8 +2456,7 @@ cron_job: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. 
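Review bot: In the added `env_from` block, the `optional` descriptions ("Specify whether the ConfigMap must be defined", "Specify whether the Secret must be defined") do not say which boolean value means what, and they read as the opposite of the option name. Wording such as "If true, the referenced Secret may be absent" would remove the ambiguity. Also in this hunk, "identifer" should be "identifier" and "the Secret or it's key" should be "its key".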
@@ -1262,13 +2468,17 @@ cron_job: TCP port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container @@ -1334,8 +2544,7 @@ cron_job: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. @@ -1347,13 +2556,17 @@ cron_job: TCP port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will @@ -1419,8 +2632,7 @@ cron_job: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. @@ -1449,13 +2661,17 @@ cron_job: port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times 
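Review bot: `port` under `tcp_socket` is now `type: str`, but its description still reads "Number or name of the port to access on the container. Number must be in the range 1 to 65535", so it is unclear whether an integer is accepted or has to be quoted; the description should say which. The new `host` option is also added beneath a parent description that still ends "TCP hooks not yet supported", which contradicts documenting a usable option on a probe and should be reworded or dropped.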
@@ -1573,8 +2789,7 @@ cron_job: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. @@ -1603,13 +2818,17 @@ cron_job: port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times @@ -1626,7 +2845,7 @@ cron_job: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute @@ -1635,10 +2854,10 @@ cron_job: explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
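Review bot: The new `security_context` description ends with a dangling "More info:" and no link, so the reference appears to have been stripped when the documentation was generated; restore the URL or keep the previous sentence. The text also says "the pod should run with" although this option sits alongside the per-container `resources` and `capabilities` options, which is worth correcting while the line is being touched.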
@@ -1745,8 +2964,22 @@ cron_job: \ termination message will be written is mounted into\ \ the container's filesystem. Message written is intended\ \ to be brief final status, such as an assertion failure\ - \ message. Defaults to /dev/termination-log. Cannot\ - \ be updated." + \ message. Will be truncated by the node if greater\ + \ than 4096 bytes. The total message length across\ + \ all containers will be limited to 12kb. Defaults\ + \ to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be + updated. type: str tty: description: @@ -1787,9 +3020,27 @@ cron_job: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". + To have DNS options set along with hostNetwork, you have + to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that + will be injected into the pod's hosts file if specified. + This is only valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
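Review bot: The rewritten `termination_message_path` text and the new `termination_message_policy` text mix units ("4096 bytes", "12kb", "2048 bytes"); "12kb" should be written as a byte count like the other two limits so it cannot be read as kilobits. Because FallbackToLogsOnError uses "the last chunk of container log output" to populate the container status message, the description could state plainly that log content can surface in the container status, so operators can account for that when choosing the policy.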
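Review bot: In `host_aliases`, `hostnames` is described as "Hostnames for the above IP address", but `ip` is documented after it, so "above" points at nothing; reword to refer to the `ip` option by name. The description also says the option "is only valid for non-hostNetwork pods" without stating whether it is rejected or silently ignored otherwise, and the added `dns_policy` sentence "you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'" would read better as "set the DNS policy to 'ClusterFirstWithHostNet'".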
@@ -1823,6 +3074,840 @@ cron_job: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers + being started. If any init container fails, the pod is + considered to have failed and is handled according to + its restartPolicy. The name for an init container or normal + container must be unique among all containers. Init containers + may not have Lifecycle actions, Readiness probes, or Liveness + probes. The resourceRequirements of an init container + are taken into account during scheduling by finding the + highest request/limit for each resource type, and then + using the max of of that value or the sum of the normal + containers. Limits are applied to init containers in a + similar fashion. Init containers cannot currently be added + or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD\ + \ is used if this is not provided. Variable references\ + \ $(VAR_NAME) are expanded using the container's environment.\ + \ If a variable cannot be resolved, the reference\ + \ in the input string will be unchanged. The $(VAR_NAME)\ + \ syntax can be escaped with a double $$, ie: $$(VAR_NAME).\ + \ Escaped references will never be expanded, regardless\ + \ of whether the variable exists or not. Cannot be\ + \ updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The\ + \ docker image's ENTRYPOINT is used if this is not\ + \ provided. Variable references $(VAR_NAME) are expanded\ + \ using the container's environment. If a variable\ + \ cannot be resolved, the reference in the input string\ + \ will be unchanged. The $(VAR_NAME) syntax can be\ + \ escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of\ + \ whether the variable exists or not. 
Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. + Cannot be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot + be used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's + key must be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only + resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. + Must be a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key + must be defined + type: bool + env_from: + description: + - List of sources to populate environment variables + in the container. The keys defined within a source + must be a C_IDENTIFIER. All invalid keys will be reported + as an event when the container is starting. When a + key exists in multiple sources, the value associated + with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. 
+ Defaults to Always if :latest tag is specified, or + IfNotPresent otherwise. Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in + response to container lifecycle events. Cannot be + updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container + is created. If the handler fails, the container + is terminated and restarted according to its restart + policy. Other management of the container blocks + until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be + specified. Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, + it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly + call out to that shell. Exit status of + 0 is treated as live/healthy and non-zero + is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the + pod IP. You probably want to set "Host" + in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. + HTTP allows repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on + the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. 
+ type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on + the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container + is terminated. The container is terminated after + the handler completes. The reason for termination + is passed to the handler. Regardless of the outcome + of the handler, the container is eventually terminated. + Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be + specified. Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, + it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly + call out to that shell. Exit status of + 0 is treated as live/healthy and non-zero + is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the + pod IP. You probably want to set "Host" + in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. + HTTP allows repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on + the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on + the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will + be restarted if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run + inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP + allows repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started + before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to + be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. 
+ type: str + ports: + description: + - List of ports to expose from the container. Exposing + a port here gives the system additional information + about the network connections a container uses, but + is primarily informational. Not specifying a port + here DOES NOT prevent that port from being exposed. + Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from + the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and + unique within the pod. Each named port in a pod + must have a unique name. Name for the port that + can be referred to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults + to "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe + fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run + inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. 
+ Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP + allows repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started + before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to + be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the + container. 
Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot + be updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute + resources allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute + resources required. If Requests is omitted for + a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted + by the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in + privileged containers are essentially equivalent + to root on the host. Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. + type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image + at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it + does. If unset or false, no such validation will + be performed. May also be set in PodSecurityContext. 
+ If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate + a random SELinux context for each container. May + also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies + to the container. + type: str + role: + description: + - Role is a SELinux role label that applies + to the container. + type: str + type: + description: + - Type is a SELinux type label that applies + to the container. + type: str + user: + description: + - User is a SELinux user label that applies + to the container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, + reads from stdin in the container will always result + in EOF. Default is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin + channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open + across multiple attach sessions. If stdinOnce is set + to true, stdin is opened on container start, is empty + until the first client attaches to stdin, and then + remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until + the container is restarted. 
If this flag is false, + a container processes that reads from stdin will never + receive an EOF. Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into\ + \ the container's filesystem. Message written is intended\ + \ to be brief final status, such as an assertion failure\ + \ message. Will be truncated by the node if greater\ + \ than 4096 bytes. The total message length across\ + \ all containers will be limited to 12kb. Defaults\ + \ to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be + updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, + also requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume + should be mounted. Must not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's + root). 
+ type: str + working_dir: + description: + - Container's working directory. If not specified, the + container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific @@ -1842,6 +3927,12 @@ cron_job: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified + scheduler. If not specified, the pod will be dispatched + by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and 
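Review bot: in the container fields of the large hunk that ends at the node_name context above, the container-level security_context description reads 'Security options the pod should run with. More info:' and then stops, so the reference the text was pointing at has been lost. Either restore the link or drop the trailing "More info:"; as written, the field that groups privileged, capabilities and run_as_non_root sends the reader nowhere. In the same hunk, readiness_probe.initial_delay_seconds says "before liveness probes are initiated", which should be reworded for a readiness probe.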
@@ -1949,6 +4040,47 @@ cron_job: Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. + Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to + match all values and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever + (do not evict). Zero and negative values will be treated + as 0 (evict immediately) by the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging 
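Review bot: tolerations.effect and tolerations.key each document that an empty value matches everything, and key adds that an empty key with operator Exists "means to match all values and all keys", so a list entry with only operator set tolerates every taint, NoExecute included, yet the tolerations description itself only says "If specified, the pod's tolerations." Suggest one sentence there that names the match-all form, since that is the entry someone reviewing a playbook most needs to recognise. The operator description should also say that its default of Equal does not satisfy the "operator must be Exists" rule that key states for an empty key.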
@@ -2015,6 +4147,14 @@ cron_job: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per + storage account Dedicated: single blob disk per + storage account Managed: azure managed data disk + (only in managed availability set). defaults to + shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here @@ -2128,9 +4268,9 @@ cron_job: keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, - the volume setup will error. Paths must be relative - and may not contain the '..' path or start with - '..'. + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. type: list contains: key: @@ -2157,6 +4297,11 @@ cron_job: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must + be defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod @@ -2229,8 +4374,7 @@ cron_job: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -2248,6 +4392,16 @@ cron_job: default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable + for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory + limits of all containers in a pod. The default + is nil which means that the limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached 
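Review bot: size_limit in the last hunk above is documented as type: str with no statement of the expected format, and its description ends with "The default is nil which means that the limit is undefined." Suggest giving the accepted quantity form with one sample value and saying plainly that omitting the field leaves the EmptyDir with no size limit, because that is the value most users will leave in place.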
@@ -2434,6 +4588,14 @@ cron_job: pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to @@ -2455,11 +4617,27 @@ cron_job: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either + an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP 
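Review bot: the new secret_ref under iscsi is described only as "CHAP secret for iSCSI target and initiator authentication" and does not say how it relates to chap_auth_discovery and chap_auth_session, added in the hunk before it. State whether secret_ref is required when either flag is true and what the referenced Secret has to contain. The two flag descriptions ("whether support iSCSI Discovery CHAP authentication", "whether support iSCSI Session CHAP authentication") also need a verb and a stated default.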
@@ -2527,6 +4705,227 @@ cron_job: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs". Implicitly + inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, + and downward API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories + within the path are not affected by this setting. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in + the Data field of the referenced ConfigMap + will be projected into the volume as a + file whose name is the key and content + is the value. If specified, the listed + keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present + in the ConfigMap, the volume setup will + error unless it is marked optional. Paths + must be relative and may not contain the + '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on this + file, must be a value between 0 and + 0777. If not specified, the volume + defaultMode will be used. This might + be in conflict with other options + that affect the file mode, like fsGroup, + and the result can be other mode bits + set.' + type: int + path: + description: + - The relative path of the file to map + the key to. May not be an absolute + path. May not contain the path element + '..'. May not start with the string + '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's + keys must be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to + project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the + pod: only annotations, labels, name + and namespace are supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath + is written in terms of, defaults + to "v1". + type: str + field_path: + description: + - Path of the field to select in + the specified API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this + file, must be a value between 0 and + 0777. If not specified, the volume + defaultMode will be used. This might + be in conflict with other options + that affect the file mode, like fsGroup, + and the result can be other mode bits + set.' + type: int + path: + description: + - "Required: Path is the relative path\ + \ name of the file to be created.\ + \ Must not be absolute or contain\ + \ the '..' path. 
Must be utf-8 encoded.\ + \ The first item of the relative path\ + \ must not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: + only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently + supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for + volumes, optional for env vars' + type: str + divisor: + description: + - Specifies the output format of + the exposed resources, defaults + to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in + the Data field of the referenced Secret + will be projected into the volume as a + file whose name is the key and content + is the value. If specified, the listed + keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present + in the Secret, the volume setup will error + unless it is marked optional. Paths must + be relative and may not contain the '..' + path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this + file, must be a value between 0 and + 0777. If not specified, the volume + defaultMode will be used. This might + be in conflict with other options + that affect the file mode, like fsGroup, + and the result can be other mode bits + set.' + type: int + path: + description: + - The relative path of the file to map + the key to. May not be an absolute + path. May not contain the path element + '..'. May not start with the string + '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key + must be defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that @@ -2612,6 +5011,69 @@ cron_job: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. + "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured + storage (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO + user and other sensitive information. If this + is not provided, Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with + Gateway, default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should + be thick or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection + domain (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in + ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this 
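Review bot: in the scale_io block, ssl_enabled is documented as "default false" while secret_ref in the same block holds the "ScaleIO user and other sensitive information" needed for the login operation against the gateway. With the default left in place that login goes to the gateway without SSL, so the description should say so and recommend setting ssl_enabled to true explicitly. "SecretRef references to the secret" should read "SecretRef references the secret".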
@@ -2637,9 +5099,9 @@ cron_job: keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, - the volume setup will error. Paths must be relative - and may not contain the '..' path or start with - '..'. + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. type: list contains: key: 
@@ -2662,10 +5124,62 @@ cron_job: the path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be + defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and + mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. + "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, + default values will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a + namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows + the Kubernetes name scoping to be mirrored within + StorageOS for tighter integration. Set VolumeName + to any name to override the default behaviour. + Set to "default" if you are not using namespaces + within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached 
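Review bot: storageos.secret_ref says "If not specified, default values will be attempted", which documents a fallback to default API credentials without saying what they are or that relying on them is a risk. Suggest stating where the defaults come from and that secret_ref should always be set outside of test clusters. Minor: the optional description at the top of this hunk has "it's keys", while the projected secret variant earlier in the patch has "its key"; use one correct form in both places.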
@@ -2679,13 +5193,23 @@ cron_job: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile + name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk type: str schedule: description: - - Schedule contains the schedule in Cron format, see + - The schedule in Cron format, see type: str starting_deadline_seconds: description: @@ -2693,19 +5217,24 @@ cron_job: time for any reason. Missed jobs executions will be counted as failed ones. type: int + successful_jobs_history_limit: + description: + - The number of successful finished jobs to retain. This is a pointer to + distinguish between explicit zero and not specified. + type: int suspend: description: - - Suspend flag tells the controller to suspend subsequent executions, it - does not apply to already started executions. Defaults to false. + - This flag tells the controller to suspend subsequent executions, it does + not apply to already started executions. Defaults to false. type: bool status: description: - - Status is a structure describing current status of a job. + - Current status of a cron job. type: complex contains: active: description: - - Active holds pointers to currently running jobs. + - A list of pointers to currently running jobs. type: list contains: api_version: @@ -2746,8 +5275,7 @@ cron_job: type: str last_schedule_time: description: - - LastScheduleTime keeps information of when was the last time the job was - successfully scheduled. + - Information when was the last time the job was successfully scheduled. type: complex contains: {} ''' diff --git a/library/k8s_v2alpha1_cron_job_list.py b/library/k8s_v2alpha1_cron_job_list.py index 3fe1fa65..dbe5c91e 100644 --- a/library/k8s_v2alpha1_cron_job_list.py 
+++ b/library/k8s_v2alpha1_cron_job_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- kubernetes == 1.0.0 +- kubernetes == 3.0.0 ''' EXAMPLES = ''' @@ -111,7 +107,7 @@ cron_job_list: type: str items: description: - - Items is the list of CronJob. + - items is the list of CronJobs. type: list contains: api_version: 
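Review bot: the first hunk for k8s_v2alpha1_cron_job_list.py (@@ -46,10 +46,6 @@) removes the namespace option from the documented options with no replacement and no deprecation note. If the module's argument spec is generated from the same source, playbooks that pass namespace stop working and the list can no longer be scoped to one namespace, which in turn means the connecting account needs list permission on CronJobs across the cluster. Please confirm the removal is intended and, if so, record it alongside the kubernetes == 3.0.0 requirement change in the next hunk.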
@@ -210,6 +206,153 @@ cron_job_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ cron_job_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -287,19 +438,22 @@ cron_job_list: type: str spec: description: - - Spec is a structure defining the expected behavior of a job, including - the schedule. + - Specification of the desired behavior of a cron job, including the schedule. type: complex contains: concurrency_policy: description: - - ConcurrencyPolicy specifies how to treat concurrent executions of - a Job. + - Specifies how to treat concurrent executions of a Job. Defaults to + Allow. type: str + failed_jobs_history_limit: + description: + - The number of failed finished jobs to retain. This is a pointer to + distinguish between explicit zero and not specified. + type: int job_template: description: - - JobTemplate is the object that describes the job that will be created - when executing a CronJob. + - Specifies the job that will be created when executing a CronJob. type: complex contains: metadata: 
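Review bot: failed_jobs_history_limit carries the remark "This is a pointer to distinguish between explicit zero and not specified", which is an implementation detail that tells the reader of a field documented as type: int nothing about behaviour. Reword it to say what happens when the value is omitted and what happens when it is set to 0. concurrency_policy now says "Defaults to Allow" but still does not list the other accepted values; add them to the same sentence.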
@@ -393,6 +547,162 @@ cron_job_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system + invariant at object creation time. This field is a list of + initializers that have not yet acted on this object. If nil + or empty, this object has been completely initialized. Otherwise, + the object is considered uninitialized and is hidden (in list/watch + and get calls) from clients that haven't explicitly asked + to observe uninitialized objects. When an object is created, + the system will populate this list with the current set of + initializers. Only privileged users may set or modify this + list. Once it is empty, it may not be modified further by + any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in + order before this object is visible. When the last pending + initializer is removed, and no failing result is set, + the initializers struct will be set to nil and the object + is considered as initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will + be persisted to storage and then deleted, ensuring that + other clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not + set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is + optional and the data returned is not guaranteed to + conform to any schema except that defined by the reason + type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused + this error, as named by its JSON serialization. + May include dot and postfix notation for nested + attributes. Arrays are zero-indexed. Fields + may appear more than once in an array of causes + due to fields having multiple errors. Optional. + Examples: "name" - the field "name" on the + current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause + of the error. This field may be presented + as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause + of the error. If this value is empty there + is no information available. + type: str + group: + description: + - The group attribute of the resource associated + with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated + with the status StatusReason. On some operations + may differ from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated + with the status StatusReason (when there is a + single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from + the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this + operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to + determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified + back to the server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation + is in the "Failure" status. If this value is empty + there is no information available. A Reason clarifies + an HTTP status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize @@ -431,6 +741,15 @@ cron_job_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. Defaults to false. + To set this field, a user needs "delete" permission of + the owner, otherwise 422 (Unprocessable Entity) will be + returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
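Review bot: in the `initializers` block added by the `@@ -393,6 +547,162 @@` hunk, the `result` description says "If result is set with the Failure field", but the documented contents of `result` (`api_version`, `code`, `details`, `kind`, `message`, `metadata`, `reason`, `status`) include no field named Failure; the closest match is `status`, documented as one of "Success" or "Failure". Suggest rewording to refer to `status` being "Failure". The same block states that uninitialized objects are hidden from clients that have not asked to observe them and that only privileged users may modify the list, so a sentence on what this module returns for an object that still has `pending` entries would help.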
@@ -484,16 +803,16 @@ cron_job_list: type: int completions: description: - - Completions specifies the desired number of successfully finished - pods the job should be run with. Setting to nil means that - the success of any pod signals the success of all pods, and - allows parallelism to have any positive value. Setting to - 1 means that parallelism is limited to 1 and the success of - that pod signals the success of the job. + - Specifies the desired number of successfully finished pods + the job should be run with. Setting to nil means that the + success of any pod signals the success of all pods, and allows + parallelism to have any positive value. Setting to 1 means + that parallelism is limited to 1 and the success of that pod + signals the success of the job. type: int manual_selector: description: - - ManualSelector controls generation of pod labels and pod selectors. + - manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. 
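Review bot: the `manual_selector` description is the one entry in this hunk that keeps its field-name prefix, and it now reads "manualSelector controls generation of pod labels and pod selectors" while `completions` beside it was rewritten to start with "Specifies ...". Pick one convention for the whole block. The unchanged context line "the system pick labels unique to this job" also has a grammar slip ("picks") that could be fixed in the same pass if these strings are maintained here rather than generated.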
@@ -505,16 +824,16 @@ cron_job_list: type: bool parallelism: description: - - Parallelism specifies the maximum desired number of pods the - job should run at any given time. The actual number of pods - running in steady state will be less than this number when - ((.spec.completions - .status.successful) < .spec.parallelism), - i.e. when the work left to do is less than max parallelism. + - Specifies the maximum desired number of pods the job should + run at any given time. The actual number of pods running in + steady state will be less than this number when ((.spec.completions + - .status.successful) < .spec.parallelism), i.e. when the + work left to do is less than max parallelism. type: int selector: description: - - Selector is a label query over pods that should match the - pod count. Normally, the system sets this field for you. + - A label query over pods that should match the pod count. Normally, + the system sets this field for you. type: complex contains: match_expressions: @@ -553,8 +872,7 @@ cron_job_list: contains: str, str template: description: - - Template is the object that describes the pod that will be - created when executing a job. + - Describes the pod that will be created when executing a job. type: complex contains: metadata: 
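Review bot: in the `parallelism` description (hunk `@@ -505,16 +824,16 @@`), the re-wrap breaks the expression after `((.spec.completions`, so the next added line begins with `- .status.successful) < .spec.parallelism)`. Inside a YAML list of descriptions, a continuation line that starts with "- " reads like a new list entry and depends on the parser folding it into the previous scalar. The removed text kept the whole expression on one line; suggest rewrapping so the line does not start with the minus sign, or quoting the description.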
@@ -655,6 +973,174 @@ cron_job_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some + system invariant at object creation time. This field + is a list of initializers that have not yet acted + on this object. If nil or empty, this object has been + completely initialized. Otherwise, the object is considered + uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked + to observe uninitialized objects. When an object is + created, the system will populate this list with the + current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it + may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute + in order before this object is visible. When the + last pending initializer is removed, and no failing + result is set, the initializers struct will be + set to nil and the object is considered as initialized + and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for + initializing this object. + type: str + result: + description: + - If result is set with the Failure field, the object + will be persisted to storage and then deleted, + ensuring that other clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of + this representation of an object. Servers + should convert recognized schemas to the latest + internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, + 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. + Each reason may define its own extended details. 
+ This field is optional and the data returned + is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details + associated with the StatusReason failure. + Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has + caused this error, as named by its + JSON serialization. May include dot + and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may + appear more than once in an array + of causes due to fields having multiple + errors. Optional. Examples: "name" + - the field "name" on the current + resource "items[0].name" - the field + "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the + cause of the error. This field may + be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of + the cause of the error. If this value + is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated + with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated + with the status StatusReason. On some + operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated + with the status StatusReason (when there + is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before + the operation should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a + single resource which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST + resource this object represents. 
Servers may + infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status + of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal + version of this object that can be used + by clients to determine when objects have + changed. Value must be treated as opaque + by clients and passed unmodified back + to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. + Populated by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this + operation is in the "Failure" status. If this + value is empty there is no information available. + A Reason clarifies an HTTP status code but + does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" + or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to @@ -696,6 +1182,15 @@ cron_job_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from + the key-value store until this reference is removed. + Defaults to false. To set this field, a user needs + "delete" permission of the owner, otherwise 422 + (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing 
@@ -751,6 +1246,564 @@ cron_job_list: will actively try to mark it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the + pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most + preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with + the corresponding weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector + requirements. The requirements are + ANDed. + type: list + contains: + key: + description: + - The label key that the selector + applies to. + type: str + operator: + description: + - Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: str + values: + description: + - An array of string values. If + the operator is In or NotIn, the + values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. 
This array is replaced + during a strategic merge patch. + type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by + this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to an update), the + system may or may not try to eventually evict + the pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. + The terms are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector + requirements. The requirements are + ANDed. + type: list + contains: + key: + description: + - The label key that the selector + applies to. + type: str + operator: + description: + - Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: str + values: + description: + - An array of string values. If + the operator is In or NotIn, the + values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. + as some other pod(s)). 
+ type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated + with the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, + in this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of + label selector requirements. The + requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that + the selector applies to. + type: str + operator: + description: + - operator represents a key's + relationship to a set of values. + Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + This array is replaced during + a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} + pairs. 
A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the + operator is "In", and the values + array contains only "value". The + requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces + the labelSelector applies to (matches + against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey + is interpreted as "all topologies" + ("all topologies" here means all the + topologyKeys indicated by scheduler + command-line argument --failure-domains); + for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey + is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field + once it is implemented. If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the + node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod label + update), the system will try to eventually + evict the pod from its node. When there are + multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. 
RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by + this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to a pod label update), + the system may or may not try to eventually + evict the pod from its node. When there are + multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. + all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, + in this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label + selector requirements. The requirements + are ANDed. + type: list + contains: + key: + description: + - key is the label key that the + selector applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + This array is replaced during + a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} + pairs. A single {key,value} in the + matchLabels map is equivalent to an + element of matchExpressions, whose + key field is "key", the operator is + "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces + the labelSelector applies to (matches + against); null or empty list means "this + pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) + or not co-located (anti-affinity) with + the pods matching the labelSelector in + the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is + interpreted as "all topologies" ("all + topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements of + this field and adding "weight" to the sum + if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. 
A pod affinity term, associated + with the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, + in this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of + label selector requirements. The + requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that + the selector applies to. + type: str + operator: + description: + - operator represents a key's + relationship to a set of values. + Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + This array is replaced during + a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} + pairs. A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the + operator is "In", and the values + array contains only "value". The + requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces + the labelSelector applies to (matches + against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. 
For PreferredDuringScheduling + pod anti-affinity, empty topologyKey + is interpreted as "all topologies" + ("all topologies" here means all the + topologyKeys indicated by scheduler + command-line argument --failure-domains); + for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey + is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field + once it is implemented. If the anti-affinity + requirements specified by this field are not + met at scheduling time, the pod will not be + scheduled onto the node. If the anti-affinity + requirements specified by this field cease + to be met at some point during pod execution + (e.g. due to a pod label update), the system + will try to eventually evict the pod from + its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the anti-affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod label + update), the system may or may not try to + eventually evict the pod from its node. When + there are multiple elements, the lists of + nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, + in this case pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label + selector requirements. The requirements + are ANDed. + type: list + contains: + key: + description: + - key is the label key that the + selector applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + This array is replaced during + a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} + pairs. A single {key,value} in the + matchLabels map is equivalent to an + element of matchExpressions, whose + key field is "key", the operator is + "In", and the values array contains + only "value". The requirements are + ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces + the labelSelector applies to (matches + against); null or empty list means "this + pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) + or not co-located (anti-affinity) with + the pods matching the labelSelector in + the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is + interpreted as "all topologies" ("all + topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service + account token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers @@ -829,12 +1882,17 @@ cron_job_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's + key must be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, - status.podIP.' + status.hostIP, status.podIP.' type: complex contains: api_version: @@ -865,8 +1923,7 @@ cron_job_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
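Review bot: in the `affinity` block added by the `@@ -751,6 +1246,564 @@` hunk, both `required_during_scheduling_ignored_during_execution` descriptions under `pod_affinity` and `pod_anti_affinity` carry a commented-out Go declaration into user-facing docs: "NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented." followed by `RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm` and its json tag. As written, the field appears to be documented as unimplemented, and the two paragraphs contradict each other ("will try to eventually evict" versus "may or may not try"). Suggest keeping only the second paragraph. Smaller points in the same hunk: "Valid operators ard In" should read "are", "DoesNotExist. Gt, and Lt." has a period where a comma belongs, and `automount_service_account_token` does not say what happens when the value is unset.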
@@ -886,6 +1943,56 @@ cron_job_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's + key must be defined + type: bool + env_from: + description: + - List of sources to populate environment variables + in the container. The keys defined within a source + must be a C_IDENTIFIER. All invalid keys will + be reported as an event when the container is + starting. When a key exists in multiple sources, + the value associated with the last source will + take precedence. Values defined by an Env with + a duplicate key will take precedence. Cannot be + updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be + defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -970,8 +2077,7 @@ cron_job_list: on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the @@ -983,14 +2089,18 @@ cron_job_list: a TCP port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, + defaults to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container 
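Review bot: in the `tcp_socket` hunk (`@@ -983,14 +2089,18 @@`), `port` changes from `type: complex` with `contains: {}` to `type: str`, while its description still says "Number or name of the port to access on the container. Number must be in the range 1 to 65535." Please state whether a numeric port is returned as a string or as an integer, since callers comparing against an int will otherwise get a silent mismatch. The new `host` field ("defaults to the pod IP") is added under a parent whose description still says "TCP hooks not yet supported"; worth confirming that both statements are meant to stand together.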
@@ -1060,8 +2170,7 @@ cron_job_list: on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the @@ -1073,14 +2182,18 @@ cron_job_list: a TCP port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, + defaults to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container @@ -1148,8 +2261,7 @@ cron_job_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. @@ -1178,13 +2290,17 @@ cron_job_list: TCP port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times @@ -1306,8 +2422,7 @@ cron_job_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. 
@@ -1336,13 +2451,17 @@ cron_job_list: TCP port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times @@ -1360,7 +2479,7 @@ cron_job_list: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute @@ -1369,10 +2488,11 @@ cron_job_list: that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More + info:' type: complex contains: capabilities: 
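Review bot: in the last hunk (@@ -1369,10 +2488,11 @@) the new security_context description ends with "More info:" and nothing follows it. The old text, "Security options the pod should run with.", was complete; the replacement leaves a dangling pointer in the rendered docs. Either include the reference the phrase is meant to introduce or drop the trailing "More info:" and keep the original sentence.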
@@ -1485,8 +2605,22 @@ cron_job_list: \ is mounted into the container's filesystem.\ \ Message written is intended to be brief final\ \ status, such as an assertion failure message.\ - \ Defaults to /dev/termination-log. Cannot be\ - \ updated." + \ Will be truncated by the node if greater than\ + \ 4096 bytes. The total message length across\ + \ all containers will be limited to 12kb. Defaults\ + \ to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both + success and failure. FallbackToLogsOnError will + use the last chunk of container log output if + the termination message file is empty and the + container exited with an error. The log output + is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. type: str tty: description: @@ -1530,8 +2664,27 @@ cron_job_list: dns_policy: description: - Set DNS policy for containers within the pod. One - of 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". + of 'ClusterFirstWithHostNet', 'ClusterFirst' or 'Default'. + Defaults to "ClusterFirst". To have DNS options set + along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that + will be injected into the pod's hosts file if specified. + This is only valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to\ 
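Review bot: in the host_aliases block of the second hunk (@@ -1530,8 +2664,27 @@), `hostnames` is described as "Hostnames for the above IP address.", but in this listing `hostnames` comes before `ip`, so "above" refers to nothing. Suggest wording that names the field instead, such as "Hostnames for the address given in ip." Separately, the termination_message_path text in the first hunk mixes "4096 bytes" with "12kb"; stating both limits in the same unit would read more clearly.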
@@ -1569,6 +2722,875 @@ cron_job_list: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the + pod. Init containers are executed in order prior to + containers being started. If any init container fails, + the pod is considered to have failed and is handled + according to its restartPolicy. The name for an init + container or normal container must be unique among + all containers. Init containers may not have Lifecycle + actions, Readiness probes, or Liveness probes. The + resourceRequirements of an init container are taken + into account during scheduling by finding the highest + request/limit for each resource type, and then using + the max of of that value or the sum of the normal + containers. Limits are applied to init containers + in a similar fashion. Init containers cannot currently + be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's\ + \ CMD is used if this is not provided. Variable\ + \ references $(VAR_NAME) are expanded using the\ + \ container's environment. If a variable cannot\ + \ be resolved, the reference in the input string\ + \ will be unchanged. The $(VAR_NAME) syntax can\ + \ be escaped with a double $$, ie: $$(VAR_NAME).\ + \ Escaped references will never be expanded, regardless\ + \ of whether the variable exists or not. Cannot\ + \ be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell.\ + \ The docker image's ENTRYPOINT is used if this\ + \ is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment.\ + \ If a variable cannot be resolved, the reference\ + \ in the input string will be unchanged. The $(VAR_NAME)\ + \ syntax can be escaped with a double $$, ie:\ + \ $$(VAR_NAME). 
Escaped references will never\ + \ be expanded, regardless of whether the variable\ + \ exists or not. Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. + Cannot be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be + a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables + in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped + with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: str + value_from: + description: + - Source for the environment variable's value. + Cannot be used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's + key must be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports + metadata.name, metadata.namespace, metadata.labels, + metadata.annotations, spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath + is written in terms of, defaults to + "v1". + type: str + field_path: + description: + - Path of the field to select in the + specified API version. 
+ type: str + resource_field_ref: + description: + - 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the + exposed resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's + namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. + Must be a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's + key must be defined + type: bool + env_from: + description: + - List of sources to populate environment variables + in the container. The keys defined within a source + must be a C_IDENTIFIER. All invalid keys will + be reported as an event when the container is + starting. When a key exists in multiple sources, + the value associated with the last source will + take precedence. Values defined by an Env with + a duplicate key will take precedence. Cannot be + updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be + defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, + or IfNotPresent otherwise. Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take + in response to container lifecycle events. Cannot + be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container + is created. If the handler fails, the container + is terminated and restarted according to its + restart policy. Other management of the container + blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should + be specified. Exec specifies the action + to take. + type: complex + contains: + command: + description: + - Command is the command line to execute + inside the container, the working + directory for the command is root + ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to + perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults + to the pod IP. You probably want to + set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. + HTTP allows repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access + on the container. Number must be in + the range 1 to 65535. Name must be + an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the + host. Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, + defaults to the pod IP.' + type: str + port: + description: + - Number or name of the port to access + on the container. Number must be in + the range 1 to 65535. Name must be + an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container + is terminated. The container is terminated + after the handler completes. The reason for + termination is passed to the handler. Regardless + of the outcome of the handler, the container + is eventually terminated. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should + be specified. Exec specifies the action + to take. + type: complex + contains: + command: + description: + - Command is the command line to execute + inside the container, the working + directory for the command is root + ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. 
+ type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to + perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults + to the pod IP. You probably want to + set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. + HTTP allows repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access + on the container. Number must be in + the range 1 to 65535. Name must be + an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the + host. Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, + defaults to the pod IP.' + type: str + port: + description: + - Number or name of the port to access + on the container. Number must be in + the range 1 to 65535. Name must be + an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be + updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be + specified. Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, + it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly + call out to that shell. 
Exit status of + 0 is treated as live/healthy and non-zero + is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe + to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the + pod IP. You probably want to set "Host" + in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. + HTTP allows repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on + the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has + started before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe + to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum + value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on + the container. 
Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is + 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name + (DNS_LABEL). Cannot be updated. + type: str + ports: + description: + - List of ports to expose from the container. Exposing + a port here gives the system additional information + about the network connections a container uses, + but is primarily informational. Not specifying + a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible + from the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < + 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must + match ContainerPort. Most containers do not + need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port + in a pod must have a unique name. Name for + the port that can be referred to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults + to "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. + Container will be removed from service endpoints + if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be + specified. Exec specifies the action to take. 
+ type: complex + contains: + command: + description: + - Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, + it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly + call out to that shell. Exit status of + 0 is treated as live/healthy and non-zero + is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe + to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the + pod IP. You probably want to set "Host" + in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. + HTTP allows repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on + the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has + started before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe + to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. 
Minimum + value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on + the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is + 1. + type: int + resources: + description: + - Compute Resources required by this container. + Cannot be updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute + resources allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute + resources required. If Requests is omitted + for a container, it defaults to Limits if + that is explicitly specified, otherwise to + an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More + info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running + containers. Defaults to the default set of + capabilities granted by the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root + filesystem. Default is false. 
+ type: bool + run_as_non_root: + description: + - Indicates that the container must run as a + non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does + not run as UID 0 (root) and fail to start + the container if it does. If unset or false, + no such validation will be performed. May + also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container + process. Defaults to user specified in image + metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. + If unspecified, the container runtime will + allocate a random SELinux context for each + container. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies + to the container. + type: str + role: + description: + - Role is a SELinux role label that applies + to the container. + type: str + type: + description: + - Type is a SELinux type label that applies + to the container. + type: str + user: + description: + - User is a SELinux user label that applies + to the container. + type: str + stdin: + description: + - Whether this container should allocate a buffer + for stdin in the container runtime. If this is + not set, reads from stdin in the container will + always result in EOF. Default is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the + stdin channel after it has been opened by a single + attach. 
When stdin is true the stdin stream will + remain open across multiple attach sessions. If + stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches + to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin + is closed and remains closed until the container + is restarted. If this flag is false, a container + processes that reads from stdin will never receive + an EOF. Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the\ + \ container's termination message will be written\ + \ is mounted into the container's filesystem.\ + \ Message written is intended to be brief final\ + \ status, such as an assertion failure message.\ + \ Will be truncated by the node if greater than\ + \ 4096 bytes. The total message length across\ + \ all containers will be limited to 12kb. Defaults\ + \ to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both + success and failure. FallbackToLogsOnError will + use the last chunk of container log output if + the termination message file is empty and the + container exited with an error. The log output + is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default + is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume + should be mounted. Must not contain ':'. 
+ type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's + root). + type: str + working_dir: + description: + - Container's working directory. If not specified, + the container runtime's default will be used, + which might be configured in the container image. + Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a @@ -1589,6 +3611,12 @@ cron_job_list: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified + scheduler. If not specified, the pod will be dispatched + by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes 
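Review bot: the init_containers hunk (@@ -1569,6 +2722,875 @@) contradicts itself. Its top-level description states "Init containers may not have Lifecycle actions, Readiness probes, or Liveness probes", yet the `contains` block that follows documents `lifecycle`, `liveness_probe` and `readiness_probe` in full for init containers. Either drop those three sub-trees from the init_containers documentation or note on each that it is not valid for init containers, so readers do not assume the fields can be populated. Also in the same description, "the max of of that value" has a doubled "of", and under readiness_probe the `initial_delay_seconds` text says "before liveness probes are initiated".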
@@ -1700,6 +3728,49 @@ cron_job_list: signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key + is empty, operator must be Exists; this combination + means to match all values and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for + value, so that a pod can tolerate all taints of + a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the + taint. By default, it is not set, which means + tolerate the taint forever (do not evict). Zero + and negative values will be treated as 0 (evict + immediately) by the system. + type: int + value: + description: + - Value is the taint value the toleration matches + to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers 
@@ -1767,6 +3838,14 @@ cron_job_list: Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks + per storage account Dedicated: single blob + disk per storage account Managed: azure managed + data disk (only in managed availability set). + defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here @@ -1884,9 +3963,9 @@ cron_job_list: into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the - volume setup will error. Paths must be relative - and may not contain the '..' path or start - with '..'. + volume setup will error unless it is marked + optional. Paths must be relative and may not + contain the '..' path or start with '..'. type: list contains: key: @@ -1914,6 +3993,11 @@ cron_job_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys + must be defined + type: bool downward_api: description: - DownwardAPI represents downward API about the @@ -1989,8 +4073,7 @@ cron_job_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -2008,6 +4091,17 @@ cron_job_list: use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for + this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum + usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. The default is nil which means that + the limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is 
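Review bot: the new `kind` description in the first hunk (@@ -1767,6 +3838,14 @@) is hard to parse and has a typo. It reads "Expected values Shared: mulitple blob disks per storage account Dedicated: single blob disk per storage account Managed: ..." as one unbroken run, and it ends "defaults to shared" in lower case although the value is listed as "Shared". Suggest correcting "mulitple" to "multiple", separating the three values (one list item each, or at least sentence punctuation), and writing the default exactly as the accepted value is spelled.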
@@ -2199,6 +4293,14 @@ cron_job_list: exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want @@ -2220,11 +4322,29 @@ cron_job_list: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either + an IP or ip_addr:port if the port is other + than default (typically TCP ports 860 and + 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator + authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either 
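Review bot: the `chap_auth_discovery` and `chap_auth_session` descriptions in the first hunk (@@ -2199,6 +4293,14 @@) say only "whether support iSCSI Discovery CHAP authentication" and "whether support iSCSI Session CHAP authentication", which is ungrammatical and does not say what a true value implies. Since the next hunk adds `secret_ref` as the "CHAP secret for iSCSI target and initiator authentication", the two booleans should be reworded (for example "Whether iSCSI discovery CHAP authentication is enabled") and should point at `secret_ref`, so it is clear from the docs which fields go together when authentication is turned on.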
@@ -2295,6 +4415,238 @@ cron_job_list: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount + Must be a filesystem type supported by the + host operating system. Ex. "ext4", "xfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, + and downward API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories + within the path are not affected by this setting. + This might be in conflict with other options + that affect the file mode, like fsGroup, and + the result can be other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to + project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair + in the Data field of the referenced + ConfigMap will be projected into the + volume as a file whose name is the + key and content is the value. If specified, + the listed keys will be projected + into the specified paths, and unlisted + keys will not be present. If a key + is specified which is not present + in the ConfigMap, the volume setup + will error unless it is marked optional. + Paths must be relative and may not + contain the '..' path or start with + '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on + this file, must be a value between + 0 and 0777. If not specified, + the volume defaultMode will be + used. This might be in conflict + with other options that affect + the file mode, like fsGroup, and + the result can be other mode bits + set.' + type: int + path: + description: + - The relative path of the file + to map the key to. May not be + an absolute path. May not contain + the path element '..'. May not + start with the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's + keys must be defined + type: bool + downward_api: + description: + - information about the downwardAPI data + to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume + file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of + the pod: only annotations, labels, + name and namespace are supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the + FieldPath is written in terms + of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select + in the specified API version. + type: str + mode: + description: + - 'Optional: mode bits to use on + this file, must be a value between + 0 and 0777. If not specified, + the volume defaultMode will be + used. This might be in conflict + with other options that affect + the file mode, like fsGroup, and + the result can be other mode bits + set.' + type: int + path: + description: + - "Required: Path is the relative\ + \ path name of the file to be\ + \ created. Must not be absolute\ + \ or contain the '..' path. Must\ + \ be utf-8 encoded. 
The first\ + \ item of the relative path must\ + \ not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: + only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently + supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required + for volumes, optional for + env vars' + type: str + divisor: + description: + - Specifies the output format + of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair + in the Data field of the referenced + Secret will be projected into the + volume as a file whose name is the + key and content is the value. If specified, + the listed keys will be projected + into the specified paths, and unlisted + keys will not be present. If a key + is specified which is not present + in the Secret, the volume setup will + error unless it is marked optional. + Paths must be relative and may not + contain the '..' path or start with + '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on + this file, must be a value between + 0 and 0777. If not specified, + the volume defaultMode will be + used. This might be in conflict + with other options that affect + the file mode, like fsGroup, and + the result can be other mode bits + set.' + type: int + path: + description: + - The relative path of the file + to map the key to. May not be + an absolute path. May not contain + the path element '..'. May not + start with the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its + key must be defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host @@ -2382,6 +4734,70 @@ cron_job_list: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem + type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the + configured storage (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO + user and other sensitive information. If this + is not provided, Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with + Gateway, default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume + should be thick or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection + domain (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured + in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the + ScaleIO system that is associated with this + volume source. + type: str secret: description: - Secret represents a secret that should populate 
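Review bot: in the new `projected` block, `default_mode` and every per-item `mode` are documented as "a value between 0 and 0777" with `type: int`, which leaves open whether the module expects the octal literal or its decimal equivalent. For files projected from Secrets a misread here changes the permissions that end up on disk, so the description should name the expected notation and give one example value. In the same block, `config_map.optional` reads "the ConfigMap or it's keys" while `secret.optional` reads "the Secret or its key"; use "its keys" in both.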
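Review bot: in the new `scale_io` block, `ssl_enabled` is documented as "default false" while `secret_ref` in the same block holds "the secret for ScaleIO user and other sensitive information" used for the Login operation, so the documented default is a login to the Gateway without SSL. Suggest saying so explicitly in the `ssl_enabled` description and recommending that it be set to true whenever `secret_ref` is used. The `gateway` description ("The host address of the ScaleIO API Gateway") should also say whether a scheme and port are expected.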
@@ -2408,9 +4824,9 @@ cron_job_list: into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume - setup will error. Paths must be relative and - may not contain the '..' path or start with - '..'. + setup will error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. type: list contains: key: 
@@ -2434,11 +4850,64 @@ cron_job_list: not contain the path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must + be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem + type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for + obtaining the StorageOS API credentials. If + not specified, default values will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique + within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is + specified then the Pod's namespace will be + used. This allows the Kubernetes name scoping + to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to + override the default behaviour. Set to "default" + if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached 
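Review bot: the `storageos.secret_ref` description says "If not specified, default values will be attempted" without naming those values or where they come from, which reads as fallback API credentials that an operator cannot audit from this documentation. Suggest either documenting the defaults or pointing to where they are defined, and advising that `secret_ref` always be set. Two wording points in the same hunk: `optional` has "it's keys" where "its keys" is meant, and the `volume_namespace` text says "Set VolumeName to any name to override the default behaviour", which looks like it should refer to the namespace field; please check that against the source of these strings.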
@@ -2452,13 +4921,23 @@ cron_job_list: Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile + name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk type: str schedule: description: - - Schedule contains the schedule in Cron format, see + - The schedule in Cron format, see type: str starting_deadline_seconds: description: @@ -2466,19 +4945,24 @@ cron_job_list: time for any reason. Missed jobs executions will be counted as failed ones. type: int + successful_jobs_history_limit: + description: + - The number of successful finished jobs to retain. This is a pointer + to distinguish between explicit zero and not specified. + type: int suspend: description: - - Suspend flag tells the controller to suspend subsequent executions, - it does not apply to already started executions. Defaults to false. + - This flag tells the controller to suspend subsequent executions, it + does not apply to already started executions. Defaults to false. type: bool status: description: - - Status is a structure describing current status of a job. + - Current status of a cron job. type: complex contains: active: description: - - Active holds pointers to currently running jobs. + - A list of pointers to currently running jobs. type: list contains: api_version: @@ -2519,8 +5003,7 @@ cron_job_list: type: str last_schedule_time: description: - - LastScheduleTime keeps information of when was the last time the job - was successfully scheduled. + - Information when was the last time the job was successfully scheduled. type: complex contains: {} kind: 
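Review bot: the reworded `schedule` description still ends on a dangling "see" ("The schedule in Cron format, see") with no reference after it. Either complete the reference or drop the trailing ", see" so the generated docs do not show a cut-off sentence.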
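Review bot: the new `successful_jobs_history_limit` description ("This is a pointer to distinguish between explicit zero and not specified") describes the upstream type rather than the behaviour, and it is documented here as `type: int`. Suggest saying what an explicit 0 does and what happens when the field is left unset. In the same region, "Information when was the last time the job was successfully scheduled." for `last_schedule_time` is ungrammatical; "The last time the job was successfully scheduled." carries the same meaning.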
@@ -2531,7 +5014,7 @@ cron_job_list: type: str metadata: description: - - Standard list metadata + - Standard list metadata. type: complex contains: resource_version: diff --git a/library/k8s_v2alpha1_horizontal_pod_autoscaler.py b/library/k8s_v2alpha1_horizontal_pod_autoscaler.py new file mode 100644 index 00000000..8e3dd4e5 --- /dev/null +++ b/library/k8s_v2alpha1_horizontal_pod_autoscaler.py 
@@ -0,0 +1,762 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v2alpha1_horizontal_pod_autoscaler +short_description: Kubernetes HorizontalPodAutoscaler +description: +- Manage the lifecycle of a horizontal_pod_autoscaler object. Supports check mode, + and attempts to to be idempotent. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. They are + not queryable and should be preserved when modifying objects. + type: dict + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + labels: + description: + - Map of string keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers and services. 
+ type: dict + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation idempotence and + configuration definition. Cannot be updated. + namespace: + description: + - Namespace defines the space within each name must be unique. An empty namespace + is equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this + field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + spec_max_replicas: + description: + - maxReplicas is the upper limit for the number of replicas to which the autoscaler + can scale up. It cannot be less that minReplicas. + aliases: + - max_replicas + type: int + spec_metrics: + description: + - metrics contains the specifications for which to use to calculate the desired + replica count (the maximum replica count across all metrics will be used). The + desired replica count is calculated multiplying the ratio between the target + value and the current value by the current number of pods. Ergo, metrics used + must decrease as the pod count is increased, and vice-versa. See the individual + metric source types for more information about how each type of metric must + respond. + aliases: + - metrics + type: list + spec_min_replicas: + description: + - minReplicas is the lower limit for the number of replicas to which the autoscaler + can scale down. It defaults to 1 pod. 
+ aliases: + - min_replicas + type: int + spec_scale_target_ref_api_version: + description: + - API version of the referent + aliases: + - scale_target_ref_api_version + spec_scale_target_ref_kind: + description: + - Kind of the referent; + aliases: + - scale_target_ref_kind + spec_scale_target_ref_name: + description: + - Name of the referent; + aliases: + - scale_target_ref_name + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). + type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +horizontal_pod_autoscaler: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: + - metadata is the standard object metadata. + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used to distinguish + resources with same name and namespace in different clusters. This field + is not set anywhere right now and apiserver is going to ignore it if set + in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when this + object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null + for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate before + it will be removed from the system. Only set when deletionTimestamp is + also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource will + be deleted. This field is set by the server when a graceful deletion is + requested by the user, and is not directly settable by a client. 
The resource + is expected to be deleted (no longer visible from resource lists, and + not reachable by name) after the time in this field. Once set, this value + may not be unset or be set further into the future, although it may be + shortened or the resource may be deleted prior to this time. For example, + a user may request that a pod is deleted in 30 seconds. The Kubelet will + react by sending a graceful termination signal to the containers in the + pod. After that 30 seconds, the Kubelet will send a hard termination signal + (SIGKILL) to the container and after cleanup, remove the pod from the + API. In the presence of network partitions, this object may still exist + after this timestamp, until an administrator or automated process can + determine the resource is fully terminated. If not set, graceful deletion + of the object has not been requested. Populated by the system when a graceful + deletion is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each entry + is an identifier for the responsible component that will remove the entry + from the list. If the deletionTimestamp of the object is non-nil, entries + in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate a + unique name ONLY IF the Name field has not been provided. If this field + is used, the name returned to the client will be different than the name + passed. This value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and may be truncated + by the length of the suffix required to make the value unique on the server. 
+ If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with + Reason ServerTimeout indicating a unique name could not be found in the + time allotted, and the client should retry (optionally after the time + indicated in the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. 
+ type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. 
+ type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. 
Is required when creating resources, + although some resources may allow a client to request the generation of + an appropriate name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" is the + canonical representation. Not all objects are required to be scoped to + a namespace - the value of this field for those objects will be empty. + Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is + managed by a controller, then an entry in this list will point to this + controller, with the controller field set to true. There cannot be more + than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. 
May be + used for optimistic concurrency, change detection, and the watch operation + on a resource or set of resources. Clients must treat these values as + opaque and passed unmodified back to the server. They may only be valid + for a particular resource or set of resources. Populated by the system. + Read-only. Value must be treated as opaque by clients and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. It is typically + generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. Populated by the system. Read-only. + type: str + spec: + description: + - spec is the specification for the behaviour of the autoscaler. + type: complex + contains: + max_replicas: + description: + - maxReplicas is the upper limit for the number of replicas to which the + autoscaler can scale up. It cannot be less that minReplicas. + type: int + metrics: + description: + - metrics contains the specifications for which to use to calculate the + desired replica count (the maximum replica count across all metrics will + be used). The desired replica count is calculated multiplying the ratio + between the target value and the current value by the current number of + pods. Ergo, metrics used must decrease as the pod count is increased, + and vice-versa. See the individual metric source types for more information + about how each type of metric must respond. + type: list + contains: + object: + description: + - object refers to a metric describing a single kubernetes object (for + example, hits-per-second on an Ingress object). + type: complex + contains: + metric_name: + description: + - metricName is the name of the metric in question. + type: str + target: + description: + - target is the described Kubernetes object. 
+ type: complex + contains: + api_version: + description: + - API version of the referent + type: str + kind: + description: + - Kind of the referent; + type: str + name: + description: + - Name of the referent; + type: str + target_value: + description: + - targetValue is the target value of the metric (as a quantity). + type: str + pods: + description: + - pods refers to a metric describing each pod in the current scale target + (for example, transactions-processed-per-second). The values will + be averaged together before being compared to the target value. + type: complex + contains: + metric_name: + description: + - metricName is the name of the metric in question + type: str + target_average_value: + description: + - targetAverageValue is the target value of the average of the metric + across all relevant pods (as a quantity) + type: str + resource: + description: + - resource refers to a resource metric (such as those specified in requests + and limits) known to Kubernetes describing each pod in the current + scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, + and have special scaling options on top of those available to normal + per-pod metrics using the "pods" source. + type: complex + contains: + name: + description: + - name is the name of the resource in question. + type: str + target_average_utilization: + description: + - targetAverageUtilization is the target value of the average of + the resource metric across all relevant pods, represented as a + percentage of the requested value of the resource for the pods. + type: int + target_average_value: + description: + - targetAverageValue is the target value of the average of the resource + metric across all relevant pods, as a raw value (instead of as + a percentage of the request), similar to the "pods" metric source + type. + type: str + type: + description: + - type is the type of metric source. It should match one of the fields + below. 
+ type: str + min_replicas: + description: + - minReplicas is the lower limit for the number of replicas to which the + autoscaler can scale down. It defaults to 1 pod. + type: int + scale_target_ref: + description: + - scaleTargetRef points to the target resource to scale, and is used to + the pods for which metrics should be collected, as well as to actually + change the replica count. + type: complex + contains: + api_version: + description: + - API version of the referent + type: str + kind: + description: + - Kind of the referent; + type: str + name: + description: + - Name of the referent; + type: str + status: + description: + - status is the current information about the autoscaler. + type: complex + contains: + conditions: + description: + - conditions is the set of conditions required for this autoscaler to scale + its target, and indicates whether or not those conditions are met. + type: list + contains: + last_transition_time: + description: + - lastTransitionTime is the last time the condition transitioned from + one status to another + type: complex + contains: {} + message: + description: + - message is a human-readable explanation containing details about the + transition + type: str + reason: + description: + - reason is the reason for the condition's last transition. + type: str + status: + description: + - status is the status of the condition (True, False, Unknown) + type: str + type: + description: + - type describes the current condition + type: str + current_metrics: + description: + - currentMetrics is the last read state of the metrics used by this autoscaler. + type: list + contains: + object: + description: + - object refers to a metric describing a single kubernetes object (for + example, hits-per-second on an Ingress object). + type: complex + contains: + current_value: + description: + - currentValue is the current value of the metric (as a quantity). 
+ type: str + metric_name: + description: + - metricName is the name of the metric in question. + type: str + target: + description: + - target is the described Kubernetes object. + type: complex + contains: + api_version: + description: + - API version of the referent + type: str + kind: + description: + - Kind of the referent; + type: str + name: + description: + - Name of the referent; + type: str + pods: + description: + - pods refers to a metric describing each pod in the current scale target + (for example, transactions-processed-per-second). The values will + be averaged together before being compared to the target value. + type: complex + contains: + current_average_value: + description: + - currentAverageValue is the current value of the average of the + metric across all relevant pods (as a quantity) + type: str + metric_name: + description: + - metricName is the name of the metric in question + type: str + resource: + description: + - resource refers to a resource metric (such as those specified in requests + and limits) known to Kubernetes describing each pod in the current + scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, + and have special scaling options on top of those available to normal + per-pod metrics using the "pods" source. + type: complex + contains: + current_average_utilization: + description: + - currentAverageUtilization is the current value of the average + of the resource metric across all relevant pods, represented as + a percentage of the requested value of the resource for the pods. + It will only be present if `targetAverageValue` was set in the + corresponding metric specification. + type: int + current_average_value: + description: + - currentAverageValue is the current value of the average of the + resource metric across all relevant pods, as a raw value (instead + of as a percentage of the request), similar to the "pods" metric + source type. 
It will always be set, regardless of the corresponding + metric specification. + type: str + name: + description: + - name is the name of the resource in question. + type: str + type: + description: + - type is the type of metric source. It will match one of the fields + below. + type: str + current_replicas: + description: + - currentReplicas is current number of replicas of pods managed by this + autoscaler, as last seen by the autoscaler. + type: int + desired_replicas: + description: + - desiredReplicas is the desired number of replicas of pods managed by this + autoscaler, as last calculated by the autoscaler. + type: int + last_scale_time: + description: + - lastScaleTime is the last time the HorizontalPodAutoscaler scaled the + number of pods, used by the autoscaler to control how often the number + of pods is changed. + type: complex + contains: {} + observed_generation: + description: + - observedGeneration is the most recent generation observed by this autoscaler. + type: int +''' + + +def main(): + try: + module = KubernetesAnsibleModule('horizontal_pod_autoscaler', 'V2alpha1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v2alpha1_horizontal_pod_autoscaler_list.py b/library/k8s_v2alpha1_horizontal_pod_autoscaler_list.py new file mode 100644 index 00000000..e38d27fd --- /dev/null +++ b/library/k8s_v2alpha1_horizontal_pod_autoscaler_list.py 
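Review bot: in main() of library/k8s_v2alpha1_horizontal_pod_autoscaler.py, the init-failure path does `raise Exception(exc.message)`, which depends on the exception carrying a `message` attribute. Python 3 exceptions do not have one by default, so unless KubernetesAnsibleException defines it, this path raises AttributeError and hides the real connection or auth error. The second handler already uses `str(exc)`; use the same here, and consider re-raising the original exception so the type and traceback are kept. Separately, in the RETURN text, `current_average_utilization` says it is only present if `targetAverageValue` was set, while the matching spec field is `target_average_utilization`. The `scale_target_ref` description ("is used to the pods for which metrics should be collected") is also missing a word. If these strings are generated from the upstream API spec, note that in the commit rather than hand-editing.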
@@ -0,0 +1,750 @@ +#!/usr/bin/env python + +from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException + +DOCUMENTATION = ''' +module: k8s_v2alpha1_horizontal_pod_autoscaler_list +short_description: Kubernetes HorizontalPodAutoscalerList +description: +- Retrieve a list of horizontal_pod_autoscalers. List operations provide a snapshot + read of the underlying objects, returning a resource_version representing a consistent + version of the listed objects. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + src: + description: + - Provide a path to a file containing the YAML definition of the object. 
Mutually + exclusive with I(resource_definition). + type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- kubernetes == 3.0.0 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +horizontal_pod_autoscaler_list: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + items: + description: + - items is the list of horizontal pod autoscaler objects. + type: list + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, + and may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. 
+ Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. + type: str + metadata: + description: + - metadata is the standard object metadata. + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource + that may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when modifying + objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used + to distinguish resources with same name and namespace in different + clusters. This field is not set anywhere right now and apiserver is + going to ignore it if set in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. + It is represented in RFC3339 form and is in UTC. Populated by the + system. Read-only. Null for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate + before it will be removed from the system. Only set when deletionTimestamp + is also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource + will be deleted. This field is set by the server when a graceful deletion + is requested by the user, and is not directly settable by a client. + The resource is expected to be deleted (no longer visible from resource + lists, and not reachable by name) after the time in this field. 
Once + set, this value may not be unset or be set further into the future, + although it may be shortened or the resource may be deleted prior + to this time. For example, a user may request that a pod is deleted + in 30 seconds. The Kubelet will react by sending a graceful termination + signal to the containers in the pod. After that 30 seconds, the Kubelet + will send a hard termination signal (SIGKILL) to the container and + after cleanup, remove the pod from the API. In the presence of network + partitions, this object may still exist after this timestamp, until + an administrator or automated process can determine the resource is + fully terminated. If not set, graceful deletion of the object has + not been requested. Populated by the system when a graceful deletion + is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each + entry is an identifier for the responsible component that will remove + the entry from the list. If the deletionTimestamp of the object is + non-nil, entries in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate + a unique name ONLY IF the Name field has not been provided. If this + field is used, the name returned to the client will be different than + the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make + the value unique on the server. If this field is specified and the + generated name exists, the server will NOT return a 409 - instead, + it will either return 201 Created or 500 with Reason ServerTimeout + indicating a unique name could not be found in the time allotted, + and the client should retry (optionally after the time indicated in + the Retry-After header). 
Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired + state. Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. 
Each reason may + define its own extended details. This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). 
+ type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating + resources, although some resources may allow a client to request the + generation of an appropriate name automatically. Name is primarily + intended for creation idempotence and configuration definition. Cannot + be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" + is the canonical representation. 
Not all objects are required to be + scoped to a namespace - the value of this field for those objects + will be empty. Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list + have been deleted, this object will be garbage collected. If this + object is managed by a controller, then an entry in this list will + point to this controller, with the controller field set to true. There + cannot be more than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object + that can be used by clients to determine when objects have changed. + May be used for optimistic concurrency, change detection, and the + watch operation on a resource or set of resources. Clients must treat + these values as opaque and passed unmodified back to the server. They + may only be valid for a particular resource or set of resources. Populated + by the system. Read-only. Value must be treated as opaque by clients + and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. + Read-only. 
+ type: str + uid: + description: + - UID is the unique in time and space value for this object. It is typically + generated by the server on successful creation of a resource and is + not allowed to change on PUT operations. Populated by the system. + Read-only. + type: str + spec: + description: + - spec is the specification for the behaviour of the autoscaler. + type: complex + contains: + max_replicas: + description: + - maxReplicas is the upper limit for the number of replicas to which + the autoscaler can scale up. It cannot be less that minReplicas. + type: int + metrics: + description: + - metrics contains the specifications for which to use to calculate + the desired replica count (the maximum replica count across all metrics + will be used). The desired replica count is calculated multiplying + the ratio between the target value and the current value by the current + number of pods. Ergo, metrics used must decrease as the pod count + is increased, and vice-versa. See the individual metric source types + for more information about how each type of metric must respond. + type: list + contains: + object: + description: + - object refers to a metric describing a single kubernetes object + (for example, hits-per-second on an Ingress object). + type: complex + contains: + metric_name: + description: + - metricName is the name of the metric in question. + type: str + target: + description: + - target is the described Kubernetes object. + type: complex + contains: + api_version: + description: + - API version of the referent + type: str + kind: + description: + - Kind of the referent; + type: str + name: + description: + - Name of the referent; + type: str + target_value: + description: + - targetValue is the target value of the metric (as a quantity). + type: str + pods: + description: + - pods refers to a metric describing each pod in the current scale + target (for example, transactions-processed-per-second). 
The values + will be averaged together before being compared to the target + value. + type: complex + contains: + metric_name: + description: + - metricName is the name of the metric in question + type: str + target_average_value: + description: + - targetAverageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + type: str + resource: + description: + - resource refers to a resource metric (such as those specified + in requests and limits) known to Kubernetes describing each pod + in the current scale target (e.g. CPU or memory). Such metrics + are built in to Kubernetes, and have special scaling options on + top of those available to normal per-pod metrics using the "pods" + source. + type: complex + contains: + name: + description: + - name is the name of the resource in question. + type: str + target_average_utilization: + description: + - targetAverageUtilization is the target value of the average + of the resource metric across all relevant pods, represented + as a percentage of the requested value of the resource for + the pods. + type: int + target_average_value: + description: + - targetAverageValue is the target value of the average of the + resource metric across all relevant pods, as a raw value (instead + of as a percentage of the request), similar to the "pods" + metric source type. + type: str + type: + description: + - type is the type of metric source. It should match one of the + fields below. + type: str + min_replicas: + description: + - minReplicas is the lower limit for the number of replicas to which + the autoscaler can scale down. It defaults to 1 pod. + type: int + scale_target_ref: + description: + - scaleTargetRef points to the target resource to scale, and is used + to the pods for which metrics should be collected, as well as to actually + change the replica count. 
+ type: complex + contains: + api_version: + description: + - API version of the referent + type: str + kind: + description: + - Kind of the referent; + type: str + name: + description: + - Name of the referent; + type: str + status: + description: + - status is the current information about the autoscaler. + type: complex + contains: + conditions: + description: + - conditions is the set of conditions required for this autoscaler to + scale its target, and indicates whether or not those conditions are + met. + type: list + contains: + last_transition_time: + description: + - lastTransitionTime is the last time the condition transitioned + from one status to another + type: complex + contains: {} + message: + description: + - message is a human-readable explanation containing details about + the transition + type: str + reason: + description: + - reason is the reason for the condition's last transition. + type: str + status: + description: + - status is the status of the condition (True, False, Unknown) + type: str + type: + description: + - type describes the current condition + type: str + current_metrics: + description: + - currentMetrics is the last read state of the metrics used by this + autoscaler. + type: list + contains: + object: + description: + - object refers to a metric describing a single kubernetes object + (for example, hits-per-second on an Ingress object). + type: complex + contains: + current_value: + description: + - currentValue is the current value of the metric (as a quantity). + type: str + metric_name: + description: + - metricName is the name of the metric in question. + type: str + target: + description: + - target is the described Kubernetes object. 
+ type: complex + contains: + api_version: + description: + - API version of the referent + type: str + kind: + description: + - Kind of the referent; + type: str + name: + description: + - Name of the referent; + type: str + pods: + description: + - pods refers to a metric describing each pod in the current scale + target (for example, transactions-processed-per-second). The values + will be averaged together before being compared to the target + value. + type: complex + contains: + current_average_value: + description: + - currentAverageValue is the current value of the average of + the metric across all relevant pods (as a quantity) + type: str + metric_name: + description: + - metricName is the name of the metric in question + type: str + resource: + description: + - resource refers to a resource metric (such as those specified + in requests and limits) known to Kubernetes describing each pod + in the current scale target (e.g. CPU or memory). Such metrics + are built in to Kubernetes, and have special scaling options on + top of those available to normal per-pod metrics using the "pods" + source. + type: complex + contains: + current_average_utilization: + description: + - currentAverageUtilization is the current value of the average + of the resource metric across all relevant pods, represented + as a percentage of the requested value of the resource for + the pods. It will only be present if `targetAverageValue` + was set in the corresponding metric specification. + type: int + current_average_value: + description: + - currentAverageValue is the current value of the average of + the resource metric across all relevant pods, as a raw value + (instead of as a percentage of the request), similar to the + "pods" metric source type. It will always be set, regardless + of the corresponding metric specification. + type: str + name: + description: + - name is the name of the resource in question. 
+ type: str + type: + description: + - type is the type of metric source. It will match one of the fields + below. + type: str + current_replicas: + description: + - currentReplicas is current number of replicas of pods managed by this + autoscaler, as last seen by the autoscaler. + type: int + desired_replicas: + description: + - desiredReplicas is the desired number of replicas of pods managed + by this autoscaler, as last calculated by the autoscaler. + type: int + last_scale_time: + description: + - lastScaleTime is the last time the HorizontalPodAutoscaler scaled + the number of pods, used by the autoscaler to control how often the + number of pods is changed. + type: complex + contains: {} + observed_generation: + description: + - observedGeneration is the most recent generation observed by this + autoscaler. + type: int + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: + - metadata is the standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this object that + can be used by clients to determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified back to the server. + Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str +''' + + +def main(): + try: + module = KubernetesAnsibleModule('horizontal_pod_autoscaler_list', 'V2alpha1') + except KubernetesAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. 
+ raise Exception(exc.message) + + try: + module.execute_module() + except KubernetesAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/k8s_v2alpha1_job.py b/library/k8s_v2alpha1_job.py deleted file mode 100644 index 446e8d0a..00000000 --- a/library/k8s_v2alpha1_job.py +++ /dev/null 
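Review bot: the `verify_ssl` option in DOCUMENTATION for library/k8s_v2alpha1_horizontal_pod_autoscaler_list.py declares `type: bool` with no `default`, while `debug` and `force` next to it both state `default: false`. A reader cannot tell from this whether the API server certificate is checked when the option is omitted. Document the effective default, and if it is not to verify, call that out in the description. The module is also described as "Retrieve a list of horizontal_pod_autoscalers", yet it documents `state`, `force`, `resource_definition` and `src` in create/patch/delete terms, and RETURN is conditioned on `I(state) = C(present)`. Either drop those options from the list module's docs or say what they do for a read-only call. `EXAMPLES` is empty, so at least one task showing a list call would help. Small text fixes in the same block: "acessing", "will updated", `I(name_)`. The `raise Exception(exc.message)` in main() has the same `message` attribute concern as in the non-list module.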
@@ -1,2427 +0,0 @@ -#!/usr/bin/env python - -from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException - -DOCUMENTATION = ''' -module: k8s_v2alpha1_job -short_description: Kubernetes Job -description: -- Manage the lifecycle of a job object. Supports check mode, and attempts to to be - idempotent. -version_added: 2.3.0 -author: OpenShift (@openshift) -options: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. They are - not queryable and should be preserved when modifying objects. - type: dict - api_key: - description: - - Token used to connect to the API. - cert_file: - description: - - Path to a certificate used to authenticate with the API. - type: path - context: - description: - - The name of a context found in the Kubernetes config file. - debug: - description: - - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log - default: false - type: bool - force: - description: - - If set to C(True), and I(state) is C(present), an existing object will updated, - and lists will be replaced, rather than merged. - default: false - type: bool - host: - description: - - Provide a URL for acessing the Kubernetes API. - key_file: - description: - - Path to a key file used to authenticate with the API. - type: path - kubeconfig: - description: - - Path to an existing Kubernetes config file. If not provided, and no other connection - options are provided, the openshift client will attempt to load the default - configuration file from I(~/.kube/config.json). - type: path - labels: - description: - - Map of string keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers and services. - type: dict - name: - description: - - Name must be unique within a namespace. 
Is required when creating resources, - although some resources may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation idempotence and - configuration definition. Cannot be updated. - namespace: - description: - - Namespace defines the space within each name must be unique. An empty namespace - is equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this - field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. - password: - description: - - Provide a password for connecting to the API. Use in conjunction with I(username). - resource_definition: - description: - - Provide the YAML definition for the object, bypassing any modules parameters - intended to define object attributes. - type: dict - spec_active_deadline_seconds: - description: - - Optional duration in seconds relative to the startTime that the job may be active - before the system tries to terminate it; value must be positive integer - aliases: - - active_deadline_seconds - type: int - spec_completions: - description: - - Completions specifies the desired number of successfully finished pods the job - should be run with. Setting to nil means that the success of any pod signals - the success of all pods, and allows parallelism to have any positive value. - Setting to 1 means that parallelism is limited to 1 and the success of that - pod signals the success of the job. - aliases: - - completions - type: int - spec_manual_selector: - description: - - ManualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` - unset unless you are certain what you are doing. When false or unset, the system - pick labels unique to this job and appends those labels to the pod template. - When true, the user is responsible for picking unique labels and specifying - the selector. 
Failure to pick a unique label may cause this and other jobs to - not function correctly. However, You may see `manualSelector=true` in jobs that - were created with the old `extensions/v1beta1` API. - aliases: - - manual_selector - type: bool - spec_parallelism: - description: - - Parallelism specifies the maximum desired number of pods the job should run - at any given time. The actual number of pods running in steady state will be - less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), - i.e. when the work left to do is less than max parallelism. - aliases: - - parallelism - type: int - spec_selector_match_expressions: - description: - - matchExpressions is a list of label selector requirements. The requirements - are ANDed. - aliases: - - selector_match_expressions - type: list - spec_selector_match_labels: - description: - - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only "value". The requirements - are ANDed. - aliases: - - selector_match_labels - type: dict - spec_template_metadata_annotations: - description: - - Annotations is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. They are - not queryable and should be preserved when modifying objects. - type: dict - spec_template_metadata_labels: - description: - - Map of string keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers and services. - type: dict - spec_template_metadata_name: - description: - - Name must be unique within a namespace. Is required when creating resources, - although some resources may allow a client to request the generation of an appropriate - name automatically. 
Name is primarily intended for creation idempotence and - configuration definition. Cannot be updated. - spec_template_metadata_namespace: - description: - - Namespace defines the space within each name must be unique. An empty namespace - is equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this - field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. - spec_template_spec_active_deadline_seconds: - description: - - Optional duration in seconds the pod may be active on the node relative to StartTime - before the system will actively try to mark it failed and kill associated containers. - Value must be a positive integer. - aliases: - - active_deadline_seconds - type: int - spec_template_spec_containers: - description: - - List of containers belonging to the pod. Containers cannot currently be added - or removed. There must be at least one container in a Pod. Cannot be updated. - aliases: - - containers - type: list - spec_template_spec_dns_policy: - description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' or 'Default'. - Defaults to "ClusterFirst". - aliases: - - dns_policy - spec_template_spec_host_ipc: - description: - - "Use the host's ipc namespace. Optional: Default to false." - aliases: - - host_ipc - type: bool - spec_template_spec_host_network: - description: - - Host networking requested for this pod. Use the host's network namespace. If - this option is set, the ports that will be used must be specified. Default to - false. - aliases: - - host_network - type: bool - spec_template_spec_host_pid: - description: - - "Use the host's pid namespace. Optional: Default to false." - aliases: - - host_pid - type: bool - spec_template_spec_hostname: - description: - - Specifies the hostname of the Pod If not specified, the pod's hostname will - be set to a system-defined value. 
- aliases: - - hostname - spec_template_spec_image_pull_secrets: - description: - - ImagePullSecrets is an optional list of references to secrets in the same namespace - to use for pulling any of the images used by this PodSpec. If specified, these - secrets will be passed to individual puller implementations for them to use. - For example, in the case of docker, only DockerConfig type secrets are honored. - aliases: - - image_pull_secrets - type: list - spec_template_spec_node_name: - description: - - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - the scheduler simply schedules this pod onto that node, assuming that it fits - resource requirements. - aliases: - - node_name - spec_template_spec_node_selector: - description: - - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that - node. - aliases: - - node_selector - type: dict - spec_template_spec_restart_policy: - description: - - Restart policy for all containers within the pod. One of Always, OnFailure, - Never. Default to Always. - aliases: - - restart_policy - spec_template_spec_security_context_fs_group: - description: - - "A special supplemental group that applies to all containers in a pod. Some\ - \ volume types allow the Kubelet to change the ownership of that volume to be\ - \ owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit\ - \ is set (new files created in the volume will be owned by FSGroup) 3. The permission\ - \ bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership\ - \ and permissions of any volume." - aliases: - - security_context_fs_group - type: int - spec_template_spec_security_context_run_as_non_root: - description: - - Indicates that the container must run as a non-root user. 
If true, the Kubelet - will validate the image at runtime to ensure that it does not run as UID 0 (root) - and fail to start the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext takes precedence. - aliases: - - security_context_run_as_non_root - type: bool - spec_template_spec_security_context_run_as_user: - description: - - The UID to run the entrypoint of the container process. Defaults to user specified - in image metadata if unspecified. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - aliases: - - security_context_run_as_user - type: int - spec_template_spec_security_context_se_linux_options_level: - description: - - Level is SELinux level label that applies to the container. - aliases: - - security_context_se_linux_options_level - spec_template_spec_security_context_se_linux_options_role: - description: - - Role is a SELinux role label that applies to the container. - aliases: - - security_context_se_linux_options_role - spec_template_spec_security_context_se_linux_options_type: - description: - - Type is a SELinux type label that applies to the container. - aliases: - - security_context_se_linux_options_type - spec_template_spec_security_context_se_linux_options_user: - description: - - User is a SELinux user label that applies to the container. - aliases: - - security_context_se_linux_options_user - spec_template_spec_security_context_supplemental_groups: - description: - - A list of groups applied to the first process run in each container, in addition - to the container's primary GID. If unspecified, no groups will be added to any - container. 
- aliases: - - security_context_supplemental_groups - type: list - spec_template_spec_service_account: - description: - - 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: - Use serviceAccountName instead.' - aliases: - - service_account - spec_template_spec_service_account_name: - description: - - ServiceAccountName is the name of the ServiceAccount to use to run this pod. - aliases: - - service_account_name - spec_template_spec_subdomain: - description: - - If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a - domainname at all. - aliases: - - subdomain - spec_template_spec_termination_grace_period_seconds: - description: - - Optional duration in seconds the pod needs to terminate gracefully. May be decreased - in delete request. Value must be non-negative integer. The value zero indicates - delete immediately. If this value is nil, the default grace period will be used - instead. The grace period is the duration in seconds after the processes running - in the pod are sent a termination signal and the time when the processes are - forcibly halted with a kill signal. Set this value longer than the expected - cleanup time for your process. Defaults to 30 seconds. - aliases: - - termination_grace_period_seconds - type: int - spec_template_spec_volumes: - description: - - List of volumes that can be mounted by containers belonging to the pod. - aliases: - - volumes - type: list - src: - description: - - Provide a path to a file containing the YAML definition of the object. Mutually - exclusive with I(resource_definition). - type: path - ssl_ca_cert: - description: - - Path to a CA certificate used to authenticate with the API. - type: path - state: - description: - - Determines if an object should be created, patched, or deleted. 
When set to - C(present), the object will be created, if it does not exist, or patched, if - parameter values differ from the existing object's attributes, and deleted, - if set to C(absent). A patch operation results in merging lists and updating - dictionaries, with lists being merged into a unique set of values. If a list - contains a dictionary with a I(name) or I(type) attribute, a strategic merge - is performed, where individual elements with a matching I(name_) or I(type) - are merged. To force the replacement of lists, set the I(force) option to C(True). - default: present - choices: - - present - - absent - username: - description: - - Provide a username for connecting to the API. - verify_ssl: - description: - - Whether or not to verify the API server's SSL certificates. - type: bool -requirements: -- kubernetes == 1.0.0 -''' - -EXAMPLES = ''' -''' - -RETURN = ''' -api_version: - type: string - description: Requested API version -job: - type: complex - returned: when I(state) = C(present) - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - type: str - kind: - description: - - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. - type: str - metadata: - description: - - Standard object's metadata. - type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource that - may be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. 
This is used to distinguish - resources with same name and namespace in different clusters. This field - is not set anywhere right now and apiserver is going to ignore it if set - in create or update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time when this - object was created. It is not guaranteed to be set in happens-before order - across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null - for lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate before - it will be removed from the system. Only set when deletionTimestamp is - also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this resource will - be deleted. This field is set by the server when a graceful deletion is - requested by the user, and is not directly settable by a client. The resource - is expected to be deleted (no longer visible from resource lists, and - not reachable by name) after the time in this field. Once set, this value - may not be unset or be set further into the future, although it may be - shortened or the resource may be deleted prior to this time. For example, - a user may request that a pod is deleted in 30 seconds. The Kubelet will - react by sending a graceful termination signal to the containers in the - pod. After that 30 seconds, the Kubelet will send a hard termination signal - (SIGKILL) to the container and after cleanup, remove the pod from the - API. In the presence of network partitions, this object may still exist - after this timestamp, until an administrator or automated process can - determine the resource is fully terminated. If not set, graceful deletion - of the object has not been requested. 
Populated by the system when a graceful - deletion is requested. Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. Each entry - is an identifier for the responsible component that will remove the entry - from the list. If the deletionTimestamp of the object is non-nil, entries - in this list can only be removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to generate a - unique name ONLY IF the Name field has not been provided. If this field - is used, the name returned to the client will be different than the name - passed. This value will also be combined with a unique suffix. The provided - value has the same validation rules as the Name field, and may be truncated - by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will - NOT return a 409 - instead, it will either return 201 Created or 500 with - Reason ServerTimeout indicating a unique name could not be found in the - time allotted, and the client should retry (optionally after the time - indicated in the Retry-After header). Applied only if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the desired state. - Populated by the system. Read-only. - type: int - labels: - description: - - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating resources, - although some resources may allow a client to request the generation of - an appropriate name automatically. Name is primarily intended for creation - idempotence and configuration definition. 
Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. An empty - namespace is equivalent to the "default" namespace, but "default" is the - canonical representation. Not all objects are required to be scoped to - a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in the list have - been deleted, this object will be garbage collected. If this object is - managed by a controller, then an entry in this list will point to this - controller, with the controller field set to true. There cannot be more - than one managing controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this object that - can be used by clients to determine when objects have changed. May be - used for optimistic concurrency, change detection, and the watch operation - on a resource or set of resources. Clients must treat these values as - opaque and passed unmodified back to the server. They may only be valid - for a particular resource or set of resources. Populated by the system. - Read-only. Value must be treated as opaque by clients and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. 
It is typically - generated by the server on successful creation of a resource and is not - allowed to change on PUT operations. Populated by the system. Read-only. - type: str - spec: - description: - - Spec is a structure defining the expected behavior of a job. - type: complex - contains: - active_deadline_seconds: - description: - - Optional duration in seconds relative to the startTime that the job may - be active before the system tries to terminate it; value must be positive - integer - type: int - completions: - description: - - Completions specifies the desired number of successfully finished pods - the job should be run with. Setting to nil means that the success of any - pod signals the success of all pods, and allows parallelism to have any - positive value. Setting to 1 means that parallelism is limited to 1 and - the success of that pod signals the success of the job. - type: int - manual_selector: - description: - - ManualSelector controls generation of pod labels and pod selectors. Leave - `manualSelector` unset unless you are certain what you are doing. When - false or unset, the system pick labels unique to this job and appends - those labels to the pod template. When true, the user is responsible for - picking unique labels and specifying the selector. Failure to pick a unique - label may cause this and other jobs to not function correctly. However, - You may see `manualSelector=true` in jobs that were created with the old - `extensions/v1beta1` API. - type: bool - parallelism: - description: - - Parallelism specifies the maximum desired number of pods the job should - run at any given time. The actual number of pods running in steady state - will be less than this number when ((.spec.completions - .status.successful) - < .spec.parallelism), i.e. when the work left to do is less than max parallelism. - type: int - selector: - description: - - Selector is a label query over pods that should match the pod count. 
Normally, - the system sets this field for you. - type: complex - contains: - match_expressions: - description: - - matchExpressions is a list of label selector requirements. The requirements - are ANDed. - type: list - contains: - key: - description: - - key is the label key that the selector applies to. - type: str - operator: - description: - - operator represents a key's relationship to a set of values. Valid - operators ard In, NotIn, Exists and DoesNotExist. - type: str - values: - description: - - values is an array of string values. If the operator is In or - NotIn, the values array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must be empty. This array - is replaced during a strategic merge patch. - type: list - contains: str - match_labels: - description: - - matchLabels is a map of {key,value} pairs. A single {key,value} in - the matchLabels map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: complex - contains: str, str - template: - description: - - Template is the object that describes the pod that will be created when - executing a job. - type: complex - contains: - metadata: - description: - - Standard object's metadata. - type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource - that may be set by external tools to store and retrieve arbitrary - metadata. They are not queryable and should be preserved when - modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This is used - to distinguish resources with same name and namespace in different - clusters. This field is not set anywhere right now and apiserver - is going to ignore it if set in create or update request. 
- type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in - happens-before order across separate operations. Clients may not - set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate - before it will be removed from the system. Only set when deletionTimestamp - is also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this resource - will be deleted. This field is set by the server when a graceful - deletion is requested by the user, and is not directly settable - by a client. The resource is expected to be deleted (no longer - visible from resource lists, and not reachable by name) after - the time in this field. Once set, this value may not be unset - or be set further into the future, although it may be shortened - or the resource may be deleted prior to this time. For example, - a user may request that a pod is deleted in 30 seconds. The Kubelet - will react by sending a graceful termination signal to the containers - in the pod. After that 30 seconds, the Kubelet will send a hard - termination signal (SIGKILL) to the container and after cleanup, - remove the pod from the API. In the presence of network partitions, - this object may still exist after this timestamp, until an administrator - or automated process can determine the resource is fully terminated. - If not set, graceful deletion of the object has not been requested. - Populated by the system when a graceful deletion is requested. - Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. 
- Each entry is an identifier for the responsible component that - will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to generate - a unique name ONLY IF the Name field has not been provided. If - this field is used, the name returned to the client will be different - than the name passed. This value will also be combined with a - unique suffix. The provided value has the same validation rules - as the Name field, and may be truncated by the length of the suffix - required to make the value unique on the server. If this field - is specified and the generated name exists, the server will NOT - return a 409 - instead, it will either return 201 Created or 500 - with Reason ServerTimeout indicating a unique name could not be - found in the time allotted, and the client should retry (optionally - after the time indicated in the Retry-After header). Applied only - if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the desired - state. Populated by the system. Read-only. - type: int - labels: - description: - - Map of string keys and values that can be used to organize and - categorize (scope and select) objects. May match selectors of - replication controllers and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating - resources, although some resources may allow a client to request - the generation of an appropriate name automatically. Name is primarily - intended for creation idempotence and configuration definition. - Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. 
An - empty namespace is equivalent to the "default" namespace, but - "default" is the canonical representation. Not all objects are - required to be scoped to a namespace - the value of this field - for those objects will be empty. Must be a DNS_LABEL. Cannot be - updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in the - list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this object - that can be used by clients to determine when objects have changed. - May be used for optimistic concurrency, change detection, and - the watch operation on a resource or set of resources. Clients - must treat these values as opaque and passed unmodified back to - the server. They may only be valid for a particular resource or - set of resources. Populated by the system. Read-only. Value must - be treated as opaque by clients and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. - Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. It - is typically generated by the server on successful creation of - a resource and is not allowed to change on PUT operations. Populated - by the system. Read-only. 
- type: str - spec: - description: - - Specification of the desired behavior of the pod. - type: complex - contains: - active_deadline_seconds: - description: - - Optional duration in seconds the pod may be active on the node - relative to StartTime before the system will actively try to mark - it failed and kill associated containers. Value must be a positive - integer. - type: int - containers: - description: - - List of containers belonging to the pod. Containers cannot currently - be added or removed. There must be at least one container in a - Pod. Cannot be updated. - type: list - contains: - args: - description: - - "Arguments to the entrypoint. The docker image's CMD is used\ - \ if this is not provided. Variable references $(VAR_NAME)\ - \ are expanded using the container's environment. If a variable\ - \ cannot be resolved, the reference in the input string will\ - \ be unchanged. The $(VAR_NAME) syntax can be escaped with\ - \ a double $$, ie: $$(VAR_NAME). Escaped references will never\ - \ be expanded, regardless of whether the variable exists or\ - \ not. Cannot be updated." - type: list - contains: str - command: - description: - - "Entrypoint array. Not executed within a shell. The docker\ - \ image's ENTRYPOINT is used if this is not provided. Variable\ - \ references $(VAR_NAME) are expanded using the container's\ - \ environment. If a variable cannot be resolved, the reference\ - \ in the input string will be unchanged. The $(VAR_NAME) syntax\ - \ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ - \ references will never be expanded, regardless of whether\ - \ the variable exists or not. Cannot be updated." - type: list - contains: str - env: - description: - - List of environment variables to set in the container. Cannot - be updated. - type: list - contains: - name: - description: - - Name of the environment variable. Must be a C_IDENTIFIER. 
- type: str - value: - description: - - 'Variable references $(VAR_NAME) are expanded using the - previous defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will - never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: str - value_from: - description: - - Source for the environment variable's value. Cannot be - used if value is not empty. - type: complex - contains: - config_map_key_ref: - description: - - Selects a key of a ConfigMap. - type: complex - contains: - key: - description: - - The key to select. - type: str - name: - description: - - Name of the referent. - type: str - field_ref: - description: - - 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' - type: complex - contains: - api_version: - description: - - Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: str - field_path: - description: - - Path of the field to select in the specified API - version. - type: str - resource_field_ref: - description: - - 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' 
- type: complex - contains: - container_name: - description: - - 'Container name: required for volumes, optional - for env vars' - type: str - divisor: - description: - - Specifies the output format of the exposed resources, - defaults to "1" - type: complex - contains: {} - resource: - description: - - 'Required: resource to select' - type: str - secret_key_ref: - description: - - Selects a key of a secret in the pod's namespace - type: complex - contains: - key: - description: - - The key of the secret to select from. Must be - a valid secret key. - type: str - name: - description: - - Name of the referent. - type: str - image: - description: - - Docker image name. - type: str - image_pull_policy: - description: - - Image pull policy. One of Always, Never, IfNotPresent. Defaults - to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. - type: str - lifecycle: - description: - - Actions that the management system should take in response - to container lifecycle events. Cannot be updated. - type: complex - contains: - post_start: - description: - - PostStart is called immediately after a container is created. - If the handler fails, the container is terminated and - restarted according to its restart policy. Other management - of the container blocks until the hook completes. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the command - is root ('/') in the container's filesystem. The - command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. 
- type: list - contains: str - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. - You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - pre_stop: - description: - - PreStop is called immediately before a container is terminated. - The container is terminated after the handler completes. - The reason for termination is passed to the handler. Regardless - of the outcome of the handler, the container is eventually - terminated. Other management of the container blocks until - the hook completes. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the command - is root ('/') in the container's filesystem. 
The - command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - type: list - contains: str - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. - You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - liveness_probe: - description: - - Periodic probe of container liveness. Container will be restarted - if the probe fails. Cannot be updated. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside the - container, the working directory for the command is - root ('/') in the container's filesystem. 
The command - is simply exec'd, it is not run inside a shell, so - traditional shell instructions ('|', etc) won't work. - To use a shell, you need to explicitly call out to - that shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - type: list - contains: str - failure_threshold: - description: - - Minimum consecutive failures for the probe to be considered - failed after having succeeded. Defaults to 3. Minimum - value is 1. - type: int - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - initial_delay_seconds: - description: - - Number of seconds after the container has started before - liveness probes are initiated. - type: int - period_seconds: - description: - - How often (in seconds) to perform the probe. Default to - 10 seconds. Minimum value is 1. - type: int - success_threshold: - description: - - Minimum consecutive successes for the probe to be considered - successful after having failed. Defaults to 1. Must be - 1 for liveness. Minimum value is 1. - type: int - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. 
TCP - hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - timeout_seconds: - description: - - Number of seconds after which the probe times out. Defaults - to 1 second. Minimum value is 1. - type: int - name: - description: - - Name of the container specified as a DNS_LABEL. Each container - in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: str - ports: - description: - - List of ports to expose from the container. Exposing a port - here gives the system additional information about the network - connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from - being exposed. Any port which is listening on the default - "0.0.0.0" address inside a container will be accessible from - the network. Cannot be updated. - type: list - contains: - container_port: - description: - - Number of port to expose on the pod's IP address. This - must be a valid port number, 0 < x < 65536. - type: int - host_ip: - description: - - What host IP to bind the external port to. - type: str - host_port: - description: - - Number of port to expose on the host. If specified, this - must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - type: int - name: - description: - - If specified, this must be an IANA_SVC_NAME and unique - within the pod. Each named port in a pod must have a unique - name. Name for the port that can be referred to by services. - type: str - protocol: - description: - - Protocol for port. Must be UDP or TCP. Defaults to "TCP". - type: str - readiness_probe: - description: - - Periodic probe of container service readiness. Container will - be removed from service endpoints if the probe fails. Cannot - be updated. 
- type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside the - container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so - traditional shell instructions ('|', etc) won't work. - To use a shell, you need to explicitly call out to - that shell. Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - type: list - contains: str - failure_threshold: - description: - - Minimum consecutive failures for the probe to be considered - failed after having succeeded. Defaults to 3. Minimum - value is 1. - type: int - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - initial_delay_seconds: - description: - - Number of seconds after the container has started before - liveness probes are initiated. - type: int - period_seconds: - description: - - How often (in seconds) to perform the probe. Default to - 10 seconds. Minimum value is 1. 
- type: int - success_threshold: - description: - - Minimum consecutive successes for the probe to be considered - successful after having failed. Defaults to 1. Must be - 1 for liveness. Minimum value is 1. - type: int - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. TCP - hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - timeout_seconds: - description: - - Number of seconds after which the probe times out. Defaults - to 1 second. Minimum value is 1. - type: int - resources: - description: - - Compute Resources required by this container. Cannot be updated. - type: complex - contains: - limits: - description: - - Limits describes the maximum amount of compute resources - allowed. - type: complex - contains: str, ResourceQuantity - requests: - description: - - Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to - an implementation-defined value. - type: complex - contains: str, ResourceQuantity - security_context: - description: - - Security options the pod should run with. - type: complex - contains: - capabilities: - description: - - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. - type: complex - contains: - add: - description: - - Added capabilities - type: list - contains: str - drop: - description: - - Removed capabilities - type: list - contains: str - privileged: - description: - - Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. - Defaults to false. 
- type: bool - read_only_root_filesystem: - description: - - Whether this container has a read-only root filesystem. - Default is false. - type: bool - run_as_non_root: - description: - - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, - no such validation will be performed. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: bool - run_as_user: - description: - - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: int - se_linux_options: - description: - - The SELinux context to be applied to the container. If - unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: complex - contains: - level: - description: - - Level is SELinux level label that applies to the container. - type: str - role: - description: - - Role is a SELinux role label that applies to the container. - type: str - type: - description: - - Type is a SELinux type label that applies to the container. - type: str - user: - description: - - User is a SELinux user label that applies to the container. - type: str - stdin: - description: - - Whether this container should allocate a buffer for stdin - in the container runtime. If this is not set, reads from stdin - in the container will always result in EOF. Default is false. 
- type: bool - stdin_once: - description: - - Whether the container runtime should close the stdin channel - after it has been opened by a single attach. When stdin is - true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on - container start, is empty until the first client attaches - to stdin, and then remains open and accepts data until the - client disconnects, at which time stdin is closed and remains - closed until the container is restarted. If this flag is false, - a container processes that reads from stdin will never receive - an EOF. Default is false - type: bool - termination_message_path: - description: - - "Optional: Path at which the file to which the container's\ - \ termination message will be written is mounted into the\ - \ container's filesystem. Message written is intended to be\ - \ brief final status, such as an assertion failure message.\ - \ Defaults to /dev/termination-log. Cannot be updated." - type: str - tty: - description: - - Whether this container should allocate a TTY for itself, also - requires 'stdin' to be true. Default is false. - type: bool - volume_mounts: - description: - - Pod volumes to mount into the container's filesystem. Cannot - be updated. - type: list - contains: - mount_path: - description: - - Path within the container at which the volume should be - mounted. Must not contain ':'. - type: str - name: - description: - - This must match the Name of a Volume. - type: str - read_only: - description: - - Mounted read-only if true, read-write otherwise (false - or unspecified). Defaults to false. - type: bool - sub_path: - description: - - Path within the volume from which the container's volume - should be mounted. Defaults to "" (volume's root). - type: str - working_dir: - description: - - Container's working directory. If not specified, the container - runtime's default will be used, which might be configured - in the container image. 
Cannot be updated. - type: str - dns_policy: - description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". - type: str - host_ipc: - description: - - "Use the host's ipc namespace. Optional: Default to false." - type: bool - host_network: - description: - - Host networking requested for this pod. Use the host's network - namespace. If this option is set, the ports that will be used - must be specified. Default to false. - type: bool - host_pid: - description: - - "Use the host's pid namespace. Optional: Default to false." - type: bool - hostname: - description: - - Specifies the hostname of the Pod If not specified, the pod's - hostname will be set to a system-defined value. - type: str - image_pull_secrets: - description: - - ImagePullSecrets is an optional list of references to secrets - in the same namespace to use for pulling any of the images used - by this PodSpec. If specified, these secrets will be passed to - individual puller implementations for them to use. For example, - in the case of docker, only DockerConfig type secrets are honored. - type: list - contains: - name: - description: - - Name of the referent. - type: str - node_name: - description: - - NodeName is a request to schedule this pod onto a specific node. - If it is non-empty, the scheduler simply schedules this pod onto - that node, assuming that it fits resource requirements. - type: str - node_selector: - description: - - NodeSelector is a selector which must be true for the pod to fit - on a node. Selector which must match a node's labels for the pod - to be scheduled on that node. - type: complex - contains: str, str - restart_policy: - description: - - Restart policy for all containers within the pod. One of Always, - OnFailure, Never. Default to Always. - type: str - security_context: - description: - - 'SecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. 
See type description - for default values of each field.' - type: complex - contains: - fs_group: - description: - - "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change\ - \ the ownership of that volume to be owned by the pod: 1.\ - \ The owning GID will be the FSGroup 2. The setgid bit is\ - \ set (new files created in the volume will be owned by FSGroup)\ - \ 3. The permission bits are OR'd with rw-rw---- If unset,\ - \ the Kubelet will not modify the ownership and permissions\ - \ of any volume." - type: int - run_as_non_root: - description: - - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to - ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: bool - run_as_user: - description: - - The UID to run the entrypoint of the container process. Defaults - to user specified in image metadata if unspecified. May also - be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - type: int - se_linux_options: - description: - - The SELinux context to be applied to all containers. If unspecified, - the container runtime will allocate a random SELinux context - for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - type: complex - contains: - level: - description: - - Level is SELinux level label that applies to the container. - type: str - role: - description: - - Role is a SELinux role label that applies to the container. 
- type: str - type: - description: - - Type is a SELinux type label that applies to the container. - type: str - user: - description: - - User is a SELinux user label that applies to the container. - type: str - supplemental_groups: - description: - - A list of groups applied to the first process run in each - container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - type: list - contains: int - service_account: - description: - - 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. - Deprecated: Use serviceAccountName instead.' - type: str - service_account_name: - description: - - ServiceAccountName is the name of the ServiceAccount to use to - run this pod. - type: str - subdomain: - description: - - If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will - not have a domainname at all. - type: str - termination_grace_period_seconds: - description: - - Optional duration in seconds the pod needs to terminate gracefully. - May be decreased in delete request. Value must be non-negative - integer. The value zero indicates delete immediately. If this - value is nil, the default grace period will be used instead. The - grace period is the duration in seconds after the processes running - in the pod are sent a termination signal and the time when the - processes are forcibly halted with a kill signal. Set this value - longer than the expected cleanup time for your process. Defaults - to 30 seconds. - type: int - volumes: - description: - - List of volumes that can be mounted by containers belonging to - the pod. - type: list - contains: - aws_elastic_block_store: - description: - - AWSElasticBlockStore represents an AWS Disk resource that - is attached to a kubelet's host machine and then exposed to - the pod. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. 
- Tip: Ensure that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified.' - type: str - partition: - description: - - 'The partition in the volume that you want to mount. If - omitted, the default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or - you can leave the property empty).' - type: int - read_only: - description: - - Specify "true" to force and set the ReadOnly property - in VolumeMounts to "true". If omitted, the default is - "false". - type: bool - volume_id: - description: - - Unique ID of the persistent disk resource in AWS (Amazon - EBS volume). - type: str - azure_disk: - description: - - AzureDisk represents an Azure Data Disk mount on the host - and bind mount to the pod. - type: complex - contains: - caching_mode: - description: - - 'Host Caching mode: None, Read Only, Read Write.' - type: str - disk_name: - description: - - The Name of the data disk in the blob storage - type: str - disk_uri: - description: - - The URI the data disk in the blob storage - type: str - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - type: str - read_only: - description: - - Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: bool - azure_file: - description: - - AzureFile represents an Azure File Service mount on the host - and bind mount to the pod. - type: complex - contains: - read_only: - description: - - Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
- type: bool - secret_name: - description: - - the name of secret that contains Azure Storage Account - Name and Key - type: str - share_name: - description: - - Share Name - type: str - cephfs: - description: - - CephFS represents a Ceph FS mount on the host that shares - a pod's lifetime - type: complex - contains: - monitors: - description: - - 'Required: Monitors is a collection of Ceph monitors' - type: list - contains: str - path: - description: - - 'Optional: Used as the mounted root, rather than the full - Ceph tree, default is /' - type: str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts.' - type: bool - secret_file: - description: - - 'Optional: SecretFile is the path to key ring for User, - default is /etc/ceph/user.secret' - type: str - secret_ref: - description: - - 'Optional: SecretRef is reference to the authentication - secret for User, default is empty.' - type: complex - contains: - name: - description: - - Name of the referent. - type: str - user: - description: - - 'Optional: User is the rados user name, default is admin' - type: str - cinder: - description: - - Cinder represents a cinder volume attached and mounted on - kubelets host machine - type: complex - contains: - fs_type: - description: - - 'Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified.' - type: str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts.' - type: bool - volume_id: - description: - - volume id used to identify the volume in cinder - type: str - config_map: - description: - - ConfigMap represents a configMap that should populate this - volume - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. 
- Must be a value between 0 and 0777. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect - the file mode, like fsGroup, and the result can be other - mode bits set.' - type: int - items: - description: - - If unspecified, each key-value pair in the Data field - of the referenced ConfigMap will be projected into the - volume as a file whose name is the key and content is - the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error. Paths must - be relative and may not contain the '..' path or start - with '..'. - type: list - contains: - key: - description: - - The key to project. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must be - a value between 0 and 0777. If not specified, the - volume defaultMode will be used. This might be in - conflict with other options that affect the file mode, - like fsGroup, and the result can be other mode bits - set.' - type: int - path: - description: - - The relative path of the file to map the key to. May - not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: str - name: - description: - - Name of the referent. - type: str - downward_api: - description: - - DownwardAPI represents downward API about the pod that should - populate this volume - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. - Must be a value between 0 and 0777. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect - the file mode, like fsGroup, and the result can be other - mode bits set.' 
- type: int - items: - description: - - Items is a list of downward API volume file - type: list - contains: - field_ref: - description: - - 'Required: Selects a field of the pod: only annotations, - labels, name and namespace are supported.' - type: complex - contains: - api_version: - description: - - Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: str - field_path: - description: - - Path of the field to select in the specified API - version. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must be - a value between 0 and 0777. If not specified, the - volume defaultMode will be used. This might be in - conflict with other options that affect the file mode, - like fsGroup, and the result can be other mode bits - set.' - type: int - path: - description: - - "Required: Path is the relative path name of the file\ - \ to be created. Must not be absolute or contain the\ - \ '..' path. Must be utf-8 encoded. The first item\ - \ of the relative path must not start with '..'" - type: str - resource_field_ref: - description: - - 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' - type: complex - contains: - container_name: - description: - - 'Container name: required for volumes, optional - for env vars' - type: str - divisor: - description: - - Specifies the output format of the exposed resources, - defaults to "1" - type: complex - contains: {} - resource: - description: - - 'Required: resource to select' - type: str - empty_dir: - description: - - EmptyDir represents a temporary directory that shares a pod's - lifetime. - type: complex - contains: - medium: - description: - - What type of storage medium should back this directory. - The default is "" which means to use the node's default - medium. Must be an empty string (default) or Memory. 
- type: str - fc: - description: - - FC represents a Fibre Channel resource that is attached to - a kubelet's host machine and then exposed to the pod. - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - type: str - lun: - description: - - 'Required: FC target lun number' - type: int - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts.' - type: bool - target_ww_ns: - description: - - 'Required: FC target worldwide names (WWNs)' - type: list - contains: str - flex_volume: - description: - - FlexVolume represents a generic volume resource that is provisioned/attached - using an exec based plugin. This is an alpha feature and may - change in future. - type: complex - contains: - driver: - description: - - Driver is the name of the driver to use for this volume. - type: str - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on FlexVolume script. - type: str - options: - description: - - 'Optional: Extra command options if any.' - type: complex - contains: str, str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts.' - type: bool - secret_ref: - description: - - 'Optional: SecretRef is reference to the secret object - containing sensitive information to pass to the plugin - scripts. This may be empty if no secret object is specified. - If the secret object contains more than one secret, all - secrets are passed to the plugin scripts.' - type: complex - contains: - name: - description: - - Name of the referent. 
- type: str - flocker: - description: - - Flocker represents a Flocker volume attached to a kubelet's - host machine. This depends on the Flocker control service - being running - type: complex - contains: - dataset_name: - description: - - Name of the dataset stored as metadata -> name on the - dataset for Flocker should be considered as deprecated - type: str - dataset_uuid: - description: - - UUID of the dataset. This is unique identifier of a Flocker - dataset - type: str - gce_persistent_disk: - description: - - GCEPersistentDisk represents a GCE Disk resource that is attached - to a kubelet's host machine and then exposed to the pod. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified.' - type: str - partition: - description: - - 'The partition in the volume that you want to mount. If - omitted, the default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or - you can leave the property empty).' - type: int - pd_name: - description: - - Unique name of the PD resource in GCE. Used to identify - the disk in GCE. - type: str - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - git_repo: - description: - - GitRepo represents a git repository at a particular revision. - type: complex - contains: - directory: - description: - - Target directory name. Must not contain or start with - '..'. If '.' is supplied, the volume directory will be - the git repository. Otherwise, if specified, the volume - will contain the git repository in the subdirectory with - the given name. 
- type: str - repository: - description: - - Repository URL - type: str - revision: - description: - - Commit hash for the specified revision. - type: str - glusterfs: - description: - - Glusterfs represents a Glusterfs mount on the host that shares - a pod's lifetime. - type: complex - contains: - endpoints: - description: - - EndpointsName is the endpoint name that details Glusterfs - topology. - type: str - path: - description: - - Path is the Glusterfs volume path. - type: str - read_only: - description: - - ReadOnly here will force the Glusterfs volume to be mounted - with read-only permissions. Defaults to false. - type: bool - host_path: - description: - - HostPath represents a pre-existing file or directory on the - host machine that is directly exposed to the container. This - is generally used for system agents or other privileged things - that are allowed to see the host machine. Most containers - will NOT need this. - type: complex - contains: - path: - description: - - Path of the directory on the host. - type: str - iscsi: - description: - - ISCSI represents an ISCSI Disk resource that is attached to - a kubelet's host machine and then exposed to the pod. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified.' - type: str - iqn: - description: - - Target iSCSI Qualified Name. - type: str - iscsi_interface: - description: - - "Optional: Defaults to 'default' (tcp). iSCSI interface\ - \ name that uses an iSCSI transport." - type: str - lun: - description: - - iSCSI target lun number. - type: int - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - target_portal: - description: - - iSCSI target portal. 
The portal is either an IP or ip_addr:port - if the port is other than default (typically TCP ports - 860 and 3260). - type: str - name: - description: - - Volume's name. Must be a DNS_LABEL and unique within the pod. - type: str - nfs: - description: - - NFS represents an NFS mount on the host that shares a pod's - lifetime - type: complex - contains: - path: - description: - - Path that is exported by the NFS server. - type: str - read_only: - description: - - ReadOnly here will force the NFS export to be mounted - with read-only permissions. Defaults to false. - type: bool - server: - description: - - Server is the hostname or IP address of the NFS server. - type: str - persistent_volume_claim: - description: - - PersistentVolumeClaimVolumeSource represents a reference to - a PersistentVolumeClaim in the same namespace. - type: complex - contains: - claim_name: - description: - - ClaimName is the name of a PersistentVolumeClaim in the - same namespace as the pod using this volume. - type: str - read_only: - description: - - Will force the ReadOnly setting in VolumeMounts. Default - false. - type: bool - photon_persistent_disk: - description: - - PhotonPersistentDisk represents a PhotonController persistent - disk attached and mounted on kubelets host machine - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - type: str - pd_id: - description: - - ID that identifies Photon Controller persistent disk - type: str - quobyte: - description: - - Quobyte represents a Quobyte mount on the host that shares - a pod's lifetime - type: complex - contains: - group: - description: - - Group to map volume access to Default is no group - type: str - read_only: - description: - - ReadOnly here will force the Quobyte volume to be mounted - with read-only permissions. Defaults to false. 
- type: bool - registry: - description: - - Registry represents a single or multiple Quobyte Registry - services specified as a string as host:port pair (multiple - entries are separated with commas) which acts as the central - registry for volumes - type: str - user: - description: - - User to map volume access to Defaults to serivceaccount - user - type: str - volume: - description: - - Volume is a string that references an already created - Quobyte volume by name. - type: str - rbd: - description: - - RBD represents a Rados Block Device mount on the host that - shares a pod's lifetime. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the - host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified.' - type: str - image: - description: - - The rados image name. - type: str - keyring: - description: - - Keyring is the path to key ring for RBDUser. Default is - /etc/ceph/keyring. - type: str - monitors: - description: - - A collection of Ceph monitors. - type: list - contains: str - pool: - description: - - The rados pool name. Default is rbd. - type: str - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - secret_ref: - description: - - SecretRef is name of the authentication secret for RBDUser. - If provided overrides keyring. Default is nil. - type: complex - contains: - name: - description: - - Name of the referent. - type: str - user: - description: - - The rados user name. Default is admin. - type: str - secret: - description: - - Secret represents a secret that should populate this volume. - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. - Must be a value between 0 and 0777. Defaults to 0644. 
- Directories within the path are not affected by this setting. - This might be in conflict with other options that affect - the file mode, like fsGroup, and the result can be other - mode bits set.' - type: int - items: - description: - - If unspecified, each key-value pair in the Data field - of the referenced Secret will be projected into the volume - as a file whose name is the key and content is the value. - If specified, the listed keys will be projected into the - specified paths, and unlisted keys will not be present. - If a key is specified which is not present in the Secret, - the volume setup will error. Paths must be relative and - may not contain the '..' path or start with '..'. - type: list - contains: - key: - description: - - The key to project. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must be - a value between 0 and 0777. If not specified, the - volume defaultMode will be used. This might be in - conflict with other options that affect the file mode, - like fsGroup, and the result can be other mode bits - set.' - type: int - path: - description: - - The relative path of the file to map the key to. May - not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: str - secret_name: - description: - - Name of the secret in the pod's namespace to use. - type: str - vsphere_volume: - description: - - VsphereVolume represents a vSphere volume attached and mounted - on kubelets host machine - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - type: str - volume_path: - description: - - Path that identifies vSphere volume vmdk - type: str - status: - description: - - Status is a structure describing current status of a job. 
- type: complex - contains: - active: - description: - - Active is the number of actively running pods. - type: int - completion_time: - description: - - CompletionTime represents time when the job was completed. It is not guaranteed - to be set in happens-before order across separate operations. It is represented - in RFC3339 form and is in UTC. - type: complex - contains: {} - conditions: - description: - - Conditions represent the latest available observations of an object's - current state. - type: list - contains: - last_probe_time: - description: - - Last time the condition was checked. - type: complex - contains: {} - last_transition_time: - description: - - Last time the condition transit from one status to another. - type: complex - contains: {} - message: - description: - - Human readable message indicating details about last transition. - type: str - reason: - description: - - (brief) reason for the condition's last transition. - type: str - status: - description: - - Status of the condition, one of True, False, Unknown. - type: str - type: - description: - - Type of job condition, Complete or Failed. - type: str - failed: - description: - - Failed is the number of pods which reached Phase Failed. - type: int - start_time: - description: - - StartTime represents time when the job was acknowledged by the Job Manager. - It is not guaranteed to be set in happens-before order across separate - operations. It is represented in RFC3339 form and is in UTC. - type: complex - contains: {} - succeeded: - description: - - Succeeded is the number of pods which reached Phase Succeeded. - type: int -''' - - -def main(): - try: - module = KubernetesAnsibleModule('job', 'V2alpha1') - except KubernetesAnsibleException as exc: - # The helper failed to init, so there is no module object. All we can do is raise the error. 
- raise Exception(exc.message) - - try: - module.execute_module() - except KubernetesAnsibleException as exc: - module.fail_json(msg="Module failed!", error=str(exc)) - - -if __name__ == '__main__': - main() diff --git a/library/k8s_v2alpha1_job_list.py b/library/k8s_v2alpha1_job_list.py deleted file mode 100644 index b7441db6..00000000 --- a/library/k8s_v2alpha1_job_list.py +++ /dev/null 
@@ -1,2247 +0,0 @@ -#!/usr/bin/env python - -from ansible.module_utils.k8s_common import KubernetesAnsibleModule, KubernetesAnsibleException - -DOCUMENTATION = ''' -module: k8s_v2alpha1_job_list -short_description: Kubernetes JobList -description: -- Retrieve a list of jobs. List operations provide a snapshot read of the underlying - objects, returning a resource_version representing a consistent version of the listed - objects. -version_added: 2.3.0 -author: OpenShift (@openshift) -options: - api_key: - description: - - Token used to connect to the API. - cert_file: - description: - - Path to a certificate used to authenticate with the API. - type: path - context: - description: - - The name of a context found in the Kubernetes config file. - debug: - description: - - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log - default: false - type: bool - force: - description: - - If set to C(True), and I(state) is C(present), an existing object will updated, - and lists will be replaced, rather than merged. - default: false - type: bool - host: - description: - - Provide a URL for acessing the Kubernetes API. - key_file: - description: - - Path to a key file used to authenticate with the API. - type: path - kubeconfig: - description: - - Path to an existing Kubernetes config file. If not provided, and no other connection - options are provided, the openshift client will attempt to load the default - configuration file from I(~/.kube/config.json). - type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. - password: - description: - - Provide a password for connecting to the API. Use in conjunction with I(username). - resource_definition: - description: - - Provide the YAML definition for the object, bypassing any modules parameters - intended to define object attributes. 
- type: dict - src: - description: - - Provide a path to a file containing the YAML definition of the object. Mutually - exclusive with I(resource_definition). - type: path - ssl_ca_cert: - description: - - Path to a CA certificate used to authenticate with the API. - type: path - state: - description: - - Determines if an object should be created, patched, or deleted. When set to - C(present), the object will be created, if it does not exist, or patched, if - parameter values differ from the existing object's attributes, and deleted, - if set to C(absent). A patch operation results in merging lists and updating - dictionaries, with lists being merged into a unique set of values. If a list - contains a dictionary with a I(name) or I(type) attribute, a strategic merge - is performed, where individual elements with a matching I(name_) or I(type) - are merged. To force the replacement of lists, set the I(force) option to C(True). - default: present - choices: - - present - - absent - username: - description: - - Provide a username for connecting to the API. - verify_ssl: - description: - - Whether or not to verify the API server's SSL certificates. - type: bool -requirements: -- kubernetes == 1.0.0 -''' - -EXAMPLES = ''' -''' - -RETURN = ''' -api_version: - type: string - description: Requested API version -job_list: - type: complex - returned: when I(state) = C(present) - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - type: str - items: - description: - - Items is the list of Job. - type: list - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, - and may reject unrecognized values. 
- type: str - kind: - description: - - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. In CamelCase. - type: str - metadata: - description: - - Standard object's metadata. - type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource - that may be set by external tools to store and retrieve arbitrary - metadata. They are not queryable and should be preserved when modifying - objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This is used - to distinguish resources with same name and namespace in different - clusters. This field is not set anywhere right now and apiserver is - going to ignore it if set in create or update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. - It is represented in RFC3339 form and is in UTC. Populated by the - system. Read-only. Null for lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate - before it will be removed from the system. Only set when deletionTimestamp - is also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this resource - will be deleted. This field is set by the server when a graceful deletion - is requested by the user, and is not directly settable by a client. - The resource is expected to be deleted (no longer visible from resource - lists, and not reachable by name) after the time in this field. 
Once - set, this value may not be unset or be set further into the future, - although it may be shortened or the resource may be deleted prior - to this time. For example, a user may request that a pod is deleted - in 30 seconds. The Kubelet will react by sending a graceful termination - signal to the containers in the pod. After that 30 seconds, the Kubelet - will send a hard termination signal (SIGKILL) to the container and - after cleanup, remove the pod from the API. In the presence of network - partitions, this object may still exist after this timestamp, until - an administrator or automated process can determine the resource is - fully terminated. If not set, graceful deletion of the object has - not been requested. Populated by the system when a graceful deletion - is requested. Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. Each - entry is an identifier for the responsible component that will remove - the entry from the list. If the deletionTimestamp of the object is - non-nil, entries in this list can only be removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to generate - a unique name ONLY IF the Name field has not been provided. If this - field is used, the name returned to the client will be different than - the name passed. This value will also be combined with a unique suffix. - The provided value has the same validation rules as the Name field, - and may be truncated by the length of the suffix required to make - the value unique on the server. If this field is specified and the - generated name exists, the server will NOT return a 409 - instead, - it will either return 201 Created or 500 with Reason ServerTimeout - indicating a unique name could not be found in the time allotted, - and the client should retry (optionally after the time indicated in - the Retry-After header). 
Applied only if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the desired - state. Populated by the system. Read-only. - type: int - labels: - description: - - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating - resources, although some resources may allow a client to request the - generation of an appropriate name automatically. Name is primarily - intended for creation idempotence and configuration definition. Cannot - be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. An empty - namespace is equivalent to the "default" namespace, but "default" - is the canonical representation. Not all objects are required to be - scoped to a namespace - the value of this field for those objects - will be empty. Must be a DNS_LABEL. Cannot be updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in the list - have been deleted, this object will be garbage collected. If this - object is managed by a controller, then an entry in this list will - point to this controller, with the controller field set to true. There - cannot be more than one managing controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. 
- type: str - resource_version: - description: - - An opaque value that represents the internal version of this object - that can be used by clients to determine when objects have changed. - May be used for optimistic concurrency, change detection, and the - watch operation on a resource or set of resources. Clients must treat - these values as opaque and passed unmodified back to the server. They - may only be valid for a particular resource or set of resources. Populated - by the system. Read-only. Value must be treated as opaque by clients - and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. - Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. It is typically - generated by the server on successful creation of a resource and is - not allowed to change on PUT operations. Populated by the system. - Read-only. - type: str - spec: - description: - - Spec is a structure defining the expected behavior of a job. - type: complex - contains: - active_deadline_seconds: - description: - - Optional duration in seconds relative to the startTime that the job - may be active before the system tries to terminate it; value must - be positive integer - type: int - completions: - description: - - Completions specifies the desired number of successfully finished - pods the job should be run with. Setting to nil means that the success - of any pod signals the success of all pods, and allows parallelism - to have any positive value. Setting to 1 means that parallelism is - limited to 1 and the success of that pod signals the success of the - job. - type: int - manual_selector: - description: - - ManualSelector controls generation of pod labels and pod selectors. - Leave `manualSelector` unset unless you are certain what you are doing. - When false or unset, the system pick labels unique to this job and - appends those labels to the pod template. 
When true, the user is responsible - for picking unique labels and specifying the selector. Failure to - pick a unique label may cause this and other jobs to not function - correctly. However, You may see `manualSelector=true` in jobs that - were created with the old `extensions/v1beta1` API. - type: bool - parallelism: - description: - - Parallelism specifies the maximum desired number of pods the job should - run at any given time. The actual number of pods running in steady - state will be less than this number when ((.spec.completions - .status.successful) - < .spec.parallelism), i.e. when the work left to do is less than max - parallelism. - type: int - selector: - description: - - Selector is a label query over pods that should match the pod count. - Normally, the system sets this field for you. - type: complex - contains: - match_expressions: - description: - - matchExpressions is a list of label selector requirements. The - requirements are ANDed. - type: list - contains: - key: - description: - - key is the label key that the selector applies to. - type: str - operator: - description: - - operator represents a key's relationship to a set of values. - Valid operators ard In, NotIn, Exists and DoesNotExist. - type: str - values: - description: - - values is an array of string values. If the operator is In - or NotIn, the values array must be non-empty. If the operator - is Exists or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge patch. - type: list - contains: str - match_labels: - description: - - matchLabels is a map of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", and the values - array contains only "value". The requirements are ANDed. 
- type: complex - contains: str, str - template: - description: - - Template is the object that describes the pod that will be created - when executing a job. - type: complex - contains: - metadata: - description: - - Standard object's metadata. - type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a - resource that may be set by external tools to store and retrieve - arbitrary metadata. They are not queryable and should be preserved - when modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This - is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right - now and apiserver is going to ignore it if set in create or - update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set - in happens-before order across separate operations. Clients - may not set this value. It is represented in RFC3339 form - and is in UTC. Populated by the system. Read-only. Null for - lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate - before it will be removed from the system. Only set when deletionTimestamp - is also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this - resource will be deleted. This field is set by the server - when a graceful deletion is requested by the user, and is - not directly settable by a client. The resource is expected - to be deleted (no longer visible from resource lists, and - not reachable by name) after the time in this field. 
Once - set, this value may not be unset or be set further into the - future, although it may be shortened or the resource may be - deleted prior to this time. For example, a user may request - that a pod is deleted in 30 seconds. The Kubelet will react - by sending a graceful termination signal to the containers - in the pod. After that 30 seconds, the Kubelet will send a - hard termination signal (SIGKILL) to the container and after - cleanup, remove the pod from the API. In the presence of network - partitions, this object may still exist after this timestamp, - until an administrator or automated process can determine - the resource is fully terminated. If not set, graceful deletion - of the object has not been requested. Populated by the system - when a graceful deletion is requested. Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. - Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be - removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to - generate a unique name ONLY IF the Name field has not been - provided. If this field is used, the name returned to the - client will be different than the name passed. This value - will also be combined with a unique suffix. The provided value - has the same validation rules as the Name field, and may be - truncated by the length of the suffix required to make the - value unique on the server. If this field is specified and - the generated name exists, the server will NOT return a 409 - - instead, it will either return 201 Created or 500 with Reason - ServerTimeout indicating a unique name could not be found - in the time allotted, and the client should retry (optionally - after the time indicated in the Retry-After header). 
Applied - only if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the - desired state. Populated by the system. Read-only. - type: int - labels: - description: - - Map of string keys and values that can be used to organize - and categorize (scope and select) objects. May match selectors - of replication controllers and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating - resources, although some resources may allow a client to request - the generation of an appropriate name automatically. Name - is primarily intended for creation idempotence and configuration - definition. Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. - An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this - field for those objects will be empty. Must be a DNS_LABEL. - Cannot be updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in - the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in - this list will point to this controller, with the controller - field set to true. There cannot be more than one managing - controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. 
- type: str - resource_version: - description: - - An opaque value that represents the internal version of this - object that can be used by clients to determine when objects - have changed. May be used for optimistic concurrency, change - detection, and the watch operation on a resource or set of - resources. Clients must treat these values as opaque and passed - unmodified back to the server. They may only be valid for - a particular resource or set of resources. Populated by the - system. Read-only. Value must be treated as opaque by clients - and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the - system. Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. - It is typically generated by the server on successful creation - of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. - type: str - spec: - description: - - Specification of the desired behavior of the pod. - type: complex - contains: - active_deadline_seconds: - description: - - Optional duration in seconds the pod may be active on the - node relative to StartTime before the system will actively - try to mark it failed and kill associated containers. Value - must be a positive integer. - type: int - containers: - description: - - List of containers belonging to the pod. Containers cannot - currently be added or removed. There must be at least one - container in a Pod. Cannot be updated. - type: list - contains: - args: - description: - - "Arguments to the entrypoint. The docker image's CMD is\ - \ used if this is not provided. Variable references $(VAR_NAME)\ - \ are expanded using the container's environment. If a\ - \ variable cannot be resolved, the reference in the input\ - \ string will be unchanged. The $(VAR_NAME) syntax can\ - \ be escaped with a double $$, ie: $$(VAR_NAME). 
Escaped\ - \ references will never be expanded, regardless of whether\ - \ the variable exists or not. Cannot be updated." - type: list - contains: str - command: - description: - - "Entrypoint array. Not executed within a shell. The docker\ - \ image's ENTRYPOINT is used if this is not provided.\ - \ Variable references $(VAR_NAME) are expanded using the\ - \ container's environment. If a variable cannot be resolved,\ - \ the reference in the input string will be unchanged.\ - \ The $(VAR_NAME) syntax can be escaped with a double\ - \ $$, ie: $$(VAR_NAME). Escaped references will never\ - \ be expanded, regardless of whether the variable exists\ - \ or not. Cannot be updated." - type: list - contains: str - env: - description: - - List of environment variables to set in the container. - Cannot be updated. - type: list - contains: - name: - description: - - Name of the environment variable. Must be a C_IDENTIFIER. - type: str - value: - description: - - 'Variable references $(VAR_NAME) are expanded using - the previous defined environment variables in the - container and any service environment variables. If - a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to - "".' - type: str - value_from: - description: - - Source for the environment variable's value. Cannot - be used if value is not empty. - type: complex - contains: - config_map_key_ref: - description: - - Selects a key of a ConfigMap. - type: complex - contains: - key: - description: - - The key to select. - type: str - name: - description: - - Name of the referent. - type: str - field_ref: - description: - - 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' 
- type: complex - contains: - api_version: - description: - - Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: str - field_path: - description: - - Path of the field to select in the specified - API version. - type: str - resource_field_ref: - description: - - 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) are currently - supported.' - type: complex - contains: - container_name: - description: - - 'Container name: required for volumes, optional - for env vars' - type: str - divisor: - description: - - Specifies the output format of the exposed - resources, defaults to "1" - type: complex - contains: {} - resource: - description: - - 'Required: resource to select' - type: str - secret_key_ref: - description: - - Selects a key of a secret in the pod's namespace - type: complex - contains: - key: - description: - - The key of the secret to select from. Must - be a valid secret key. - type: str - name: - description: - - Name of the referent. - type: str - image: - description: - - Docker image name. - type: str - image_pull_policy: - description: - - Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. - type: str - lifecycle: - description: - - Actions that the management system should take in response - to container lifecycle events. Cannot be updated. - type: complex - contains: - post_start: - description: - - PostStart is called immediately after a container - is created. If the handler fails, the container is - terminated and restarted according to its restart - policy. Other management of the container blocks until - the hook completes. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. 
- type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run - inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you - need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - type: list - contains: str - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod - IP. You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP - allows repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the - container. Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. - Defaults to HTTP. - type: str - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the - container. Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} - pre_stop: - description: - - PreStop is called immediately before a container is - terminated. The container is terminated after the - handler completes. The reason for termination is passed - to the handler. Regardless of the outcome of the handler, - the container is eventually terminated. 
Other management - of the container blocks until the hook completes. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run - inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you - need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - type: list - contains: str - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod - IP. You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP - allows repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the - container. Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. - Defaults to HTTP. - type: str - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the - container. Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} - liveness_probe: - description: - - Periodic probe of container liveness. 
Container will be - restarted if the probe fails. Cannot be updated. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the command - is root ('/') in the container's filesystem. The - command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - type: list - contains: str - failure_threshold: - description: - - Minimum consecutive failures for the probe to be considered - failed after having succeeded. Defaults to 3. Minimum - value is 1. - type: int - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. - You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - initial_delay_seconds: - description: - - Number of seconds after the container has started - before liveness probes are initiated. - type: int - period_seconds: - description: - - How often (in seconds) to perform the probe. 
Default - to 10 seconds. Minimum value is 1. - type: int - success_threshold: - description: - - Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - type: int - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - timeout_seconds: - description: - - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - type: int - name: - description: - - Name of the container specified as a DNS_LABEL. Each container - in a pod must have a unique name (DNS_LABEL). Cannot be - updated. - type: str - ports: - description: - - List of ports to expose from the container. Exposing a - port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will - be accessible from the network. Cannot be updated. - type: list - contains: - container_port: - description: - - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - type: int - host_ip: - description: - - What host IP to bind the external port to. - type: str - host_port: - description: - - Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If - HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - type: int - name: - description: - - If specified, this must be an IANA_SVC_NAME and unique - within the pod. 
Each named port in a pod must have - a unique name. Name for the port that can be referred - to by services. - type: str - protocol: - description: - - Protocol for port. Must be UDP or TCP. Defaults to - "TCP". - type: str - readiness_probe: - description: - - Periodic probe of container service readiness. Container - will be removed from service endpoints if the probe fails. - Cannot be updated. - type: complex - contains: - _exec: - description: - - One and only one of the following should be specified. - Exec specifies the action to take. - type: complex - contains: - command: - description: - - Command is the command line to execute inside - the container, the working directory for the command - is root ('/') in the container's filesystem. The - command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - type: list - contains: str - failure_threshold: - description: - - Minimum consecutive failures for the probe to be considered - failed after having succeeded. Defaults to 3. Minimum - value is 1. - type: int - http_get: - description: - - HTTPGet specifies the http request to perform. - type: complex - contains: - host: - description: - - Host name to connect to, defaults to the pod IP. - You probably want to set "Host" in httpHeaders - instead. - type: str - http_headers: - description: - - Custom headers to set in the request. HTTP allows - repeated headers. - type: list - contains: - name: - description: - - The header field name - type: str - value: - description: - - The header field value - type: str - path: - description: - - Path to access on the HTTP server. - type: str - port: - description: - - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. 
- type: complex - contains: {} - scheme: - description: - - Scheme to use for connecting to the host. Defaults - to HTTP. - type: str - initial_delay_seconds: - description: - - Number of seconds after the container has started - before liveness probes are initiated. - type: int - period_seconds: - description: - - How often (in seconds) to perform the probe. Default - to 10 seconds. Minimum value is 1. - type: int - success_threshold: - description: - - Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults - to 1. Must be 1 for liveness. Minimum value is 1. - type: int - tcp_socket: - description: - - TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported - type: complex - contains: - port: - description: - - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - type: complex - contains: {} - timeout_seconds: - description: - - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - type: int - resources: - description: - - Compute Resources required by this container. Cannot be - updated. - type: complex - contains: - limits: - description: - - Limits describes the maximum amount of compute resources - allowed. - type: complex - contains: str, ResourceQuantity - requests: - description: - - Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. - type: complex - contains: str, ResourceQuantity - security_context: - description: - - Security options the pod should run with. - type: complex - contains: - capabilities: - description: - - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted - by the container runtime. 
- type: complex - contains: - add: - description: - - Added capabilities - type: list - contains: str - drop: - description: - - Removed capabilities - type: list - contains: str - privileged: - description: - - Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the - host. Defaults to false. - type: bool - read_only_root_filesystem: - description: - - Whether this container has a read-only root filesystem. - Default is false. - type: bool - run_as_non_root: - description: - - Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image - at runtime to ensure that it does not run as UID 0 - (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: bool - run_as_user: - description: - - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: int - se_linux_options: - description: - - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate - a random SELinux context for each container. May also - be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: complex - contains: - level: - description: - - Level is SELinux level label that applies to the - container. - type: str - role: - description: - - Role is a SELinux role label that applies to the - container. - type: str - type: - description: - - Type is a SELinux type label that applies to the - container. 
- type: str - user: - description: - - User is a SELinux user label that applies to the - container. - type: str - stdin: - description: - - Whether this container should allocate a buffer for stdin - in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default - is false. - type: bool - stdin_once: - description: - - Whether the container runtime should close the stdin channel - after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple - attach sessions. If stdinOnce is set to true, stdin is - opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If - this flag is false, a container processes that reads from - stdin will never receive an EOF. Default is false - type: bool - termination_message_path: - description: - - "Optional: Path at which the file to which the container's\ - \ termination message will be written is mounted into\ - \ the container's filesystem. Message written is intended\ - \ to be brief final status, such as an assertion failure\ - \ message. Defaults to /dev/termination-log. Cannot be\ - \ updated." - type: str - tty: - description: - - Whether this container should allocate a TTY for itself, - also requires 'stdin' to be true. Default is false. - type: bool - volume_mounts: - description: - - Pod volumes to mount into the container's filesystem. - Cannot be updated. - type: list - contains: - mount_path: - description: - - Path within the container at which the volume should - be mounted. Must not contain ':'. - type: str - name: - description: - - This must match the Name of a Volume. - type: str - read_only: - description: - - Mounted read-only if true, read-write otherwise (false - or unspecified). Defaults to false. 
- type: bool - sub_path: - description: - - Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's - root). - type: str - working_dir: - description: - - Container's working directory. If not specified, the container - runtime's default will be used, which might be configured - in the container image. Cannot be updated. - type: str - dns_policy: - description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". - type: str - host_ipc: - description: - - "Use the host's ipc namespace. Optional: Default to false." - type: bool - host_network: - description: - - Host networking requested for this pod. Use the host's network - namespace. If this option is set, the ports that will be used - must be specified. Default to false. - type: bool - host_pid: - description: - - "Use the host's pid namespace. Optional: Default to false." - type: bool - hostname: - description: - - Specifies the hostname of the Pod If not specified, the pod's - hostname will be set to a system-defined value. - type: str - image_pull_secrets: - description: - - ImagePullSecrets is an optional list of references to secrets - in the same namespace to use for pulling any of the images - used by this PodSpec. If specified, these secrets will be - passed to individual puller implementations for them to use. - For example, in the case of docker, only DockerConfig type - secrets are honored. - type: list - contains: - name: - description: - - Name of the referent. - type: str - node_name: - description: - - NodeName is a request to schedule this pod onto a specific - node. If it is non-empty, the scheduler simply schedules this - pod onto that node, assuming that it fits resource requirements. - type: str - node_selector: - description: - - NodeSelector is a selector which must be true for the pod - to fit on a node. 
Selector which must match a node's labels - for the pod to be scheduled on that node. - type: complex - contains: str, str - restart_policy: - description: - - Restart policy for all containers within the pod. One of Always, - OnFailure, Never. Default to Always. - type: str - security_context: - description: - - 'SecurityContext holds pod-level security attributes and common - container settings. Optional: Defaults to empty. See type - description for default values of each field.' - type: complex - contains: - fs_group: - description: - - "A special supplemental group that applies to all containers\ - \ in a pod. Some volume types allow the Kubelet to change\ - \ the ownership of that volume to be owned by the pod:\ - \ 1. The owning GID will be the FSGroup 2. The setgid\ - \ bit is set (new files created in the volume will be\ - \ owned by FSGroup) 3. The permission bits are OR'd with\ - \ rw-rw---- If unset, the Kubelet will not modify the\ - \ ownership and permissions of any volume." - type: int - run_as_non_root: - description: - - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, - no such validation will be performed. May also be set - in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: bool - run_as_user: - description: - - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - type: int - se_linux_options: - description: - - The SELinux context to be applied to all containers. 
If - unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence - for that container. - type: complex - contains: - level: - description: - - Level is SELinux level label that applies to the container. - type: str - role: - description: - - Role is a SELinux role label that applies to the container. - type: str - type: - description: - - Type is a SELinux type label that applies to the container. - type: str - user: - description: - - User is a SELinux user label that applies to the container. - type: str - supplemental_groups: - description: - - A list of groups applied to the first process run in each - container, in addition to the container's primary GID. - If unspecified, no groups will be added to any container. - type: list - contains: int - service_account: - description: - - 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. - Deprecated: Use serviceAccountName instead.' - type: str - service_account_name: - description: - - ServiceAccountName is the name of the ServiceAccount to use - to run this pod. - type: str - subdomain: - description: - - If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod - will not have a domainname at all. - type: str - termination_grace_period_seconds: - description: - - Optional duration in seconds the pod needs to terminate gracefully. - May be decreased in delete request. Value must be non-negative - integer. The value zero indicates delete immediately. If this - value is nil, the default grace period will be used instead. - The grace period is the duration in seconds after the processes - running in the pod are sent a termination signal and the time - when the processes are forcibly halted with a kill signal. 
- Set this value longer than the expected cleanup time for your - process. Defaults to 30 seconds. - type: int - volumes: - description: - - List of volumes that can be mounted by containers belonging - to the pod. - type: list - contains: - aws_elastic_block_store: - description: - - AWSElasticBlockStore represents an AWS Disk resource that - is attached to a kubelet's host machine and then exposed - to the pod. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified.' - type: str - partition: - description: - - 'The partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for /dev/sda - is "0" (or you can leave the property empty).' - type: int - read_only: - description: - - Specify "true" to force and set the ReadOnly property - in VolumeMounts to "true". If omitted, the default - is "false". - type: bool - volume_id: - description: - - Unique ID of the persistent disk resource in AWS (Amazon - EBS volume). - type: str - azure_disk: - description: - - AzureDisk represents an Azure Data Disk mount on the host - and bind mount to the pod. - type: complex - contains: - caching_mode: - description: - - 'Host Caching mode: None, Read Only, Read Write.' - type: str - disk_name: - description: - - The Name of the data disk in the blob storage - type: str - disk_uri: - description: - - The URI the data disk in the blob storage - type: str - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. 
- type: str - read_only: - description: - - Defaults to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - type: bool - azure_file: - description: - - AzureFile represents an Azure File Service mount on the - host and bind mount to the pod. - type: complex - contains: - read_only: - description: - - Defaults to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - type: bool - secret_name: - description: - - the name of secret that contains Azure Storage Account - Name and Key - type: str - share_name: - description: - - Share Name - type: str - cephfs: - description: - - CephFS represents a Ceph FS mount on the host that shares - a pod's lifetime - type: complex - contains: - monitors: - description: - - 'Required: Monitors is a collection of Ceph monitors' - type: list - contains: str - path: - description: - - 'Optional: Used as the mounted root, rather than the - full Ceph tree, default is /' - type: str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: bool - secret_file: - description: - - 'Optional: SecretFile is the path to key ring for - User, default is /etc/ceph/user.secret' - type: str - secret_ref: - description: - - 'Optional: SecretRef is reference to the authentication - secret for User, default is empty.' - type: complex - contains: - name: - description: - - Name of the referent. - type: str - user: - description: - - 'Optional: User is the rados user name, default is - admin' - type: str - cinder: - description: - - Cinder represents a cinder volume attached and mounted - on kubelets host machine - type: complex - contains: - fs_type: - description: - - 'Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified.' 
- type: str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: bool - volume_id: - description: - - volume id used to identify the volume in cinder - type: str - config_map: - description: - - ConfigMap represents a configMap that should populate - this volume - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. - Must be a value between 0 and 0777. Defaults to 0644. - Directories within the path are not affected by this - setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - type: int - items: - description: - - If unspecified, each key-value pair in the Data field - of the referenced ConfigMap will be projected into - the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys - will not be present. If a key is specified which is - not present in the ConfigMap, the volume setup will - error. Paths must be relative and may not contain - the '..' path or start with '..'. - type: list - contains: - key: - description: - - The key to project. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result can - be other mode bits set.' - type: int - path: - description: - - The relative path of the file to map the key to. - May not be an absolute path. May not contain the - path element '..'. May not start with the string - '..'. - type: str - name: - description: - - Name of the referent. 
- type: str - downward_api: - description: - - DownwardAPI represents downward API about the pod that - should populate this volume - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. - Must be a value between 0 and 0777. Defaults to 0644. - Directories within the path are not affected by this - setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - type: int - items: - description: - - Items is a list of downward API volume file - type: list - contains: - field_ref: - description: - - 'Required: Selects a field of the pod: only annotations, - labels, name and namespace are supported.' - type: complex - contains: - api_version: - description: - - Version of the schema the FieldPath is written - in terms of, defaults to "v1". - type: str - field_path: - description: - - Path of the field to select in the specified - API version. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result can - be other mode bits set.' - type: int - path: - description: - - "Required: Path is the relative path name of the\ - \ file to be created. Must not be absolute or\ - \ contain the '..' path. Must be utf-8 encoded.\ - \ The first item of the relative path must not\ - \ start with '..'" - type: str - resource_field_ref: - description: - - 'Selects a resource of the container: only resources - limits and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) are currently - supported.' 
- type: complex - contains: - container_name: - description: - - 'Container name: required for volumes, optional - for env vars' - type: str - divisor: - description: - - Specifies the output format of the exposed - resources, defaults to "1" - type: complex - contains: {} - resource: - description: - - 'Required: resource to select' - type: str - empty_dir: - description: - - EmptyDir represents a temporary directory that shares - a pod's lifetime. - type: complex - contains: - medium: - description: - - What type of storage medium should back this directory. - The default is "" which means to use the node's default - medium. Must be an empty string (default) or Memory. - type: str - fc: - description: - - FC represents a Fibre Channel resource that is attached - to a kubelet's host machine and then exposed to the pod. - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: str - lun: - description: - - 'Required: FC target lun number' - type: int - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: bool - target_ww_ns: - description: - - 'Required: FC target worldwide names (WWNs)' - type: list - contains: str - flex_volume: - description: - - FlexVolume represents a generic volume resource that is - provisioned/attached using an exec based plugin. This - is an alpha feature and may change in future. - type: complex - contains: - driver: - description: - - Driver is the name of the driver to use for this volume. - type: str - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. 
- type: str - options: - description: - - 'Optional: Extra command options if any.' - type: complex - contains: str, str - read_only: - description: - - 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: bool - secret_ref: - description: - - 'Optional: SecretRef is reference to the secret object - containing sensitive information to pass to the plugin - scripts. This may be empty if no secret object is - specified. If the secret object contains more than - one secret, all secrets are passed to the plugin scripts.' - type: complex - contains: - name: - description: - - Name of the referent. - type: str - flocker: - description: - - Flocker represents a Flocker volume attached to a kubelet's - host machine. This depends on the Flocker control service - being running - type: complex - contains: - dataset_name: - description: - - Name of the dataset stored as metadata -> name on - the dataset for Flocker should be considered as deprecated - type: str - dataset_uuid: - description: - - UUID of the dataset. This is unique identifier of - a Flocker dataset - type: str - gce_persistent_disk: - description: - - GCEPersistentDisk represents a GCE Disk resource that - is attached to a kubelet's host machine and then exposed - to the pod. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified.' - type: str - partition: - description: - - 'The partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for /dev/sda - is "0" (or you can leave the property empty).' - type: int - pd_name: - description: - - Unique name of the PD resource in GCE. 
Used to identify - the disk in GCE. - type: str - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - git_repo: - description: - - GitRepo represents a git repository at a particular revision. - type: complex - contains: - directory: - description: - - Target directory name. Must not contain or start with - '..'. If '.' is supplied, the volume directory will - be the git repository. Otherwise, if specified, the - volume will contain the git repository in the subdirectory - with the given name. - type: str - repository: - description: - - Repository URL - type: str - revision: - description: - - Commit hash for the specified revision. - type: str - glusterfs: - description: - - Glusterfs represents a Glusterfs mount on the host that - shares a pod's lifetime. - type: complex - contains: - endpoints: - description: - - EndpointsName is the endpoint name that details Glusterfs - topology. - type: str - path: - description: - - Path is the Glusterfs volume path. - type: str - read_only: - description: - - ReadOnly here will force the Glusterfs volume to be - mounted with read-only permissions. Defaults to false. - type: bool - host_path: - description: - - HostPath represents a pre-existing file or directory on - the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most - containers will NOT need this. - type: complex - contains: - path: - description: - - Path of the directory on the host. - type: str - iscsi: - description: - - ISCSI represents an ISCSI Disk resource that is attached - to a kubelet's host machine and then exposed to the pod. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". 
Implicitly inferred to be "ext4" if unspecified.' - type: str - iqn: - description: - - Target iSCSI Qualified Name. - type: str - iscsi_interface: - description: - - "Optional: Defaults to 'default' (tcp). iSCSI interface\ - \ name that uses an iSCSI transport." - type: str - lun: - description: - - iSCSI target lun number. - type: int - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - target_portal: - description: - - iSCSI target portal. The portal is either an IP or - ip_addr:port if the port is other than default (typically - TCP ports 860 and 3260). - type: str - name: - description: - - Volume's name. Must be a DNS_LABEL and unique within the - pod. - type: str - nfs: - description: - - NFS represents an NFS mount on the host that shares a - pod's lifetime - type: complex - contains: - path: - description: - - Path that is exported by the NFS server. - type: str - read_only: - description: - - ReadOnly here will force the NFS export to be mounted - with read-only permissions. Defaults to false. - type: bool - server: - description: - - Server is the hostname or IP address of the NFS server. - type: str - persistent_volume_claim: - description: - - PersistentVolumeClaimVolumeSource represents a reference - to a PersistentVolumeClaim in the same namespace. - type: complex - contains: - claim_name: - description: - - ClaimName is the name of a PersistentVolumeClaim in - the same namespace as the pod using this volume. - type: str - read_only: - description: - - Will force the ReadOnly setting in VolumeMounts. Default - false. - type: bool - photon_persistent_disk: - description: - - PhotonPersistentDisk represents a PhotonController persistent - disk attached and mounted on kubelets host machine - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". 
Implicitly inferred to be "ext4" if - unspecified. - type: str - pd_id: - description: - - ID that identifies Photon Controller persistent disk - type: str - quobyte: - description: - - Quobyte represents a Quobyte mount on the host that shares - a pod's lifetime - type: complex - contains: - group: - description: - - Group to map volume access to Default is no group - type: str - read_only: - description: - - ReadOnly here will force the Quobyte volume to be - mounted with read-only permissions. Defaults to false. - type: bool - registry: - description: - - Registry represents a single or multiple Quobyte Registry - services specified as a string as host:port pair (multiple - entries are separated with commas) which acts as the - central registry for volumes - type: str - user: - description: - - User to map volume access to Defaults to serivceaccount - user - type: str - volume: - description: - - Volume is a string that references an already created - Quobyte volume by name. - type: str - rbd: - description: - - RBD represents a Rados Block Device mount on the host - that shares a pod's lifetime. - type: complex - contains: - fs_type: - description: - - 'Filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified.' - type: str - image: - description: - - The rados image name. - type: str - keyring: - description: - - Keyring is the path to key ring for RBDUser. Default - is /etc/ceph/keyring. - type: str - monitors: - description: - - A collection of Ceph monitors. - type: list - contains: str - pool: - description: - - The rados pool name. Default is rbd. - type: str - read_only: - description: - - ReadOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: bool - secret_ref: - description: - - SecretRef is name of the authentication secret for - RBDUser. 
If provided overrides keyring. Default is - nil. - type: complex - contains: - name: - description: - - Name of the referent. - type: str - user: - description: - - The rados user name. Default is admin. - type: str - secret: - description: - - Secret represents a secret that should populate this volume. - type: complex - contains: - default_mode: - description: - - 'Optional: mode bits to use on created files by default. - Must be a value between 0 and 0777. Defaults to 0644. - Directories within the path are not affected by this - setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - type: int - items: - description: - - If unspecified, each key-value pair in the Data field - of the referenced Secret will be projected into the - volume as a file whose name is the key and content - is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys - will not be present. If a key is specified which is - not present in the Secret, the volume setup will error. - Paths must be relative and may not contain the '..' - path or start with '..'. - type: list - contains: - key: - description: - - The key to project. - type: str - mode: - description: - - 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result can - be other mode bits set.' - type: int - path: - description: - - The relative path of the file to map the key to. - May not be an absolute path. May not contain the - path element '..'. May not start with the string - '..'. - type: str - secret_name: - description: - - Name of the secret in the pod's namespace to use. 
- type: str - vsphere_volume: - description: - - VsphereVolume represents a vSphere volume attached and - mounted on kubelets host machine - type: complex - contains: - fs_type: - description: - - Filesystem type to mount. Must be a filesystem type - supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: str - volume_path: - description: - - Path that identifies vSphere volume vmdk - type: str - status: - description: - - Status is a structure describing current status of a job. - type: complex - contains: - active: - description: - - Active is the number of actively running pods. - type: int - completion_time: - description: - - CompletionTime represents time when the job was completed. It is not - guaranteed to be set in happens-before order across separate operations. - It is represented in RFC3339 form and is in UTC. - type: complex - contains: {} - conditions: - description: - - Conditions represent the latest available observations of an object's - current state. - type: list - contains: - last_probe_time: - description: - - Last time the condition was checked. - type: complex - contains: {} - last_transition_time: - description: - - Last time the condition transit from one status to another. - type: complex - contains: {} - message: - description: - - Human readable message indicating details about last transition. - type: str - reason: - description: - - (brief) reason for the condition's last transition. - type: str - status: - description: - - Status of the condition, one of True, False, Unknown. - type: str - type: - description: - - Type of job condition, Complete or Failed. - type: str - failed: - description: - - Failed is the number of pods which reached Phase Failed. - type: int - start_time: - description: - - StartTime represents time when the job was acknowledged by the Job - Manager. It is not guaranteed to be set in happens-before order across - separate operations. 
It is represented in RFC3339 form and is in UTC. - type: complex - contains: {} - succeeded: - description: - - Succeeded is the number of pods which reached Phase Succeeded. - type: int - kind: - description: - - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. - type: str - metadata: - description: - - Standard list metadata - type: complex - contains: - resource_version: - description: - - String that identifies the server's internal version of this object that - can be used by clients to determine when objects have changed. Value must - be treated as opaque by clients and passed unmodified back to the server. - Populated by the system. Read-only. - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. Read-only. - type: str -''' - - -def main(): - try: - module = KubernetesAnsibleModule('job_list', 'V2alpha1') - except KubernetesAnsibleException as exc: - # The helper failed to init, so there is no module object. All we can do is raise the error. - raise Exception(exc.message) - - try: - module.execute_module() - except KubernetesAnsibleException as exc: - module.fail_json(msg="Module failed!", error=str(exc)) - - -if __name__ == '__main__': - main() diff --git a/library/openshift_v1_applied_cluster_resource_quota.py b/library/openshift_v1_applied_cluster_resource_quota.py index 5770978b..20bab0d1 100644 --- a/library/openshift_v1_applied_cluster_resource_quota.py +++ b/library/openshift_v1_applied_cluster_resource_quota.py @@ -118,7 +118,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
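Review bot: The `requirements:` line in openshift_v1_applied_cluster_resource_quota.py moves from `openshift == 1.0.0-snapshot` to `openshift == 0.3.1`, which by ordinary version ordering is lower than the value it replaces, and nothing in the hunk explains why. Please state in the commit message or the module notes whether the client was renumbered or whether this really targets an older client, so that anyone auditing installed dependencies against these docs can tell which release is expected. Since this is an exact `==` pin that appears here only inside the DOCUMENTATION string, it would also help to say whether the module checks the installed version at runtime or whether a mismatch only surfaces later as an API error.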
@@ -225,6 +225,150 @@ applied_cluster_resource_quota: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -260,6 +404,14 @@ applied_cluster_resource_quota: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -310,7 +462,7 @@ applied_cluster_resource_quota: description: - Hard is the set of desired hard limits for each named resource. type: complex - contains: str, ResourceQuantity + contains: str, str scopes: description: - A collection of filters that must match each object tracked by a quota. @@ -392,13 +544,13 @@ applied_cluster_resource_quota: description: - Hard is the set of enforced hard limits for each named resource. type: complex - contains: str, ResourceQuantity + contains: str, str used: description: - Used is the current observed total usage of the resource in the namespace. type: complex - contains: str, ResourceQuantity + contains: str, str total: description: - Total defines the actual enforced quota and its current usage across all @@ -409,12 +561,12 @@ applied_cluster_resource_quota: description: - Hard is the set of enforced hard limits for each named resource. type: complex - contains: str, ResourceQuantity + contains: str, str used: description: - Used is the current observed total usage of the resource in the namespace. type: complex - contains: str, ResourceQuantity + contains: str, str ''' diff --git a/library/openshift_v1_applied_cluster_resource_quota_list.py b/library/openshift_v1_applied_cluster_resource_quota_list.py index 9b81bb22..0f8f00d4 100644 --- a/library/openshift_v1_applied_cluster_resource_quota_list.py +++ b/library/openshift_v1_applied_cluster_resource_quota_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). 
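Review bot: Removing the `namespace` option from the documented options of openshift_v1_applied_cluster_resource_quota_list.py is a user-visible interface change, and the hunk carries no migration hint. A playbook that still passes `namespace` will either fail argument validation or have the value ignored, and in the second case the result is no longer scoped to the namespace the playbook author asked for. Please say which behaviour applies and add a line to the module description so the change is discoverable from the docs.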
@@ -65,7 +61,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
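Review bot: The `verify_ssl` option in the context directly above the changed `requirements:` line is documented as `type: bool` with no `default:`, so a reader cannot tell from the docs whether certificate verification is on when the option is omitted. Since this block is being touched for the new client pin, please document the effective default, and if that default comes from the client library rather than from the module, say so, because the move from `1.0.0-snapshot` to `0.3.1` on the next line is exactly the kind of change that could alter it.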
@@ -186,6 +182,153 @@ applied_cluster_resource_quota_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. 
Each reason may + define its own extended details. This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). 
+ type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -222,6 +365,14 @@ applied_cluster_resource_quota_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -275,7 +426,7 @@ applied_cluster_resource_quota_list: description: - Hard is the set of desired hard limits for each named resource. type: complex - contains: str, ResourceQuantity + contains: str, str scopes: description: - A collection of filters that must match each object tracked by @@ -359,13 +510,13 @@ applied_cluster_resource_quota_list: description: - Hard is the set of enforced hard limits for each named resource. type: complex - contains: str, ResourceQuantity + contains: str, str used: description: - Used is the current observed total usage of the resource in the namespace. type: complex - contains: str, ResourceQuantity + contains: str, str total: description: - Total defines the actual enforced quota and its current usage across @@ -376,13 +527,13 @@ applied_cluster_resource_quota_list: description: - Hard is the set of enforced hard limits for each named resource. type: complex - contains: str, ResourceQuantity + contains: str, str used: description: - Used is the current observed total usage of the resource in the namespace. type: complex - contains: str, ResourceQuantity + contains: str, str kind: description: - Kind is a string value representing the REST resource this object represents. diff --git a/library/openshift_v1_broker_template_instance.py b/library/openshift_v1_broker_template_instance.py new file mode 100644 index 00000000..b99dbe80 --- /dev/null +++ b/library/openshift_v1_broker_template_instance.py 
@@ -0,0 +1,641 @@ +#!/usr/bin/env python + +from ansible.module_utils.openshift_common import OpenShiftAnsibleModule, OpenShiftAnsibleException + +DOCUMENTATION = ''' +module: openshift_v1_broker_template_instance +short_description: OpenShift BrokerTemplateInstance +description: +- Manage the lifecycle of a broker_template_instance object. Supports check mode, + and attempts to to be idempotent. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. They are + not queryable and should be preserved when modifying objects. + type: dict + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + labels: + description: + - Map of string keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers and services. 
+ type: dict + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation idempotence and + configuration definition. Cannot be updated. + namespace: + description: + - Namespace defines the space within each name must be unique. An empty namespace + is equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this + field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + spec_binding_i_ds: + description: + - bindingids is a list of 'binding_id's provided during successive bind calls + to the template service broker. + aliases: + - binding_i_ds + type: list + spec_secret_api_version: + description: + - API version of the referent. + aliases: + - secret_api_version + spec_secret_field_path: + description: + - 'If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers to the name + of the container that triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of an object.' 
+ aliases: + - secret_field_path + spec_secret_kind: + description: + - Kind of the referent. + aliases: + - secret_kind + spec_secret_name: + description: + - Name of the referent. + aliases: + - secret_name + spec_secret_namespace: + description: + - Namespace of the referent. + aliases: + - secret_namespace + spec_secret_resource_version: + description: + - Specific resourceVersion to which this reference is made, if any. + aliases: + - secret_resource_version + spec_secret_uid: + description: + - UID of the referent. + aliases: + - secret_uid + spec_template_instance_api_version: + description: + - API version of the referent. + aliases: + - _instance_api_version + spec_template_instance_field_path: + description: + - 'If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers to the name + of the container that triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of an object.' + aliases: + - _instance_field_path + spec_template_instance_kind: + description: + - Kind of the referent. + aliases: + - _instance_kind + spec_template_instance_name: + description: + - Name of the referent. + aliases: + - _instance_name + spec_template_instance_namespace: + description: + - Namespace of the referent. + aliases: + - _instance_namespace + spec_template_instance_resource_version: + description: + - Specific resourceVersion to which this reference is made, if any. + aliases: + - _instance_resource_version + spec_template_instance_uid: + description: + - UID of the referent. 
+ aliases: + - _instance_uid + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). + type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. + type: bool +requirements: +- openshift == 0.3.1 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +broker_template_instance: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: + - Standard object metadata. 
+ type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used to distinguish + resources with same name and namespace in different clusters. This field + is not set anywhere right now and apiserver is going to ignore it if set + in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when this + object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null + for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate before + it will be removed from the system. Only set when deletionTimestamp is + also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource will + be deleted. This field is set by the server when a graceful deletion is + requested by the user, and is not directly settable by a client. The resource + is expected to be deleted (no longer visible from resource lists, and + not reachable by name) after the time in this field. Once set, this value + may not be unset or be set further into the future, although it may be + shortened or the resource may be deleted prior to this time. For example, + a user may request that a pod is deleted in 30 seconds. The Kubelet will + react by sending a graceful termination signal to the containers in the + pod. 
After that 30 seconds, the Kubelet will send a hard termination signal + (SIGKILL) to the container and after cleanup, remove the pod from the + API. In the presence of network partitions, this object may still exist + after this timestamp, until an administrator or automated process can + determine the resource is fully terminated. If not set, graceful deletion + of the object has not been requested. Populated by the system when a graceful + deletion is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each entry + is an identifier for the responsible component that will remove the entry + from the list. If the deletionTimestamp of the object is non-nil, entries + in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate a + unique name ONLY IF the Name field has not been provided. If this field + is used, the name returned to the client will be different than the name + passed. This value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and may be truncated + by the length of the suffix required to make the value unique on the server. + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with + Reason ServerTimeout indicating a unique name could not be found in the + time allotted, and the client should retry (optionally after the time + indicated in the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. 
+ type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. 
+ type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
+ type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of + an appropriate name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" is the + canonical representation. Not all objects are required to be scoped to + a namespace - the value of this field for those objects will be empty. + Must be a DNS_LABEL. Cannot be updated. 
+ type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is + managed by a controller, then an entry in this list will point to this + controller, with the controller field set to true. There cannot be more + than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be + used for optimistic concurrency, change detection, and the watch operation + on a resource or set of resources. Clients must treat these values as + opaque and passed unmodified back to the server. They may only be valid + for a particular resource or set of resources. Populated by the system. + Read-only. Value must be treated as opaque by clients and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. 
It is typically + generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. Populated by the system. Read-only. + type: str + spec: + description: + - spec describes the state of this BrokerTemplateInstance. + type: complex + contains: + binding_i_ds: + description: + - bindingids is a list of 'binding_id's provided during successive bind + calls to the template service broker. + type: list + contains: str + secret: + description: + - secret is a reference to a Secret object residing in a namespace, containing + the necessary template parameters. + type: complex + contains: + api_version: + description: + - API version of the referent. + type: str + field_path: + description: + - 'If referring to a piece of an object instead of an entire object, + this string should contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For example, if the object + reference is to a container within a pod, this would take on a value + like: "spec.containers{name}" (where "name" refers to the name of + the container that triggered the event) or if no container name is + specified "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way of referencing + a part of an object.' + type: str + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + namespace: + description: + - Namespace of the referent. + type: str + resource_version: + description: + - Specific resourceVersion to which this reference is made, if any. + type: str + uid: + description: + - UID of the referent. + type: str + template_instance: + description: + - templateinstance is a reference to a TemplateInstance object residing + in a namespace. + type: complex + contains: + api_version: + description: + - API version of the referent. 
+ type: str + field_path: + description: + - 'If referring to a piece of an object instead of an entire object, + this string should contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For example, if the object + reference is to a container within a pod, this would take on a value + like: "spec.containers{name}" (where "name" refers to the name of + the container that triggered the event) or if no container name is + specified "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way of referencing + a part of an object.' + type: str + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + namespace: + description: + - Namespace of the referent. + type: str + resource_version: + description: + - Specific resourceVersion to which this reference is made, if any. + type: str + uid: + description: + - UID of the referent. + type: str +''' + + +def main(): + try: + module = OpenShiftAnsibleModule('broker_template_instance', 'V1') + except OpenShiftAnsibleException as exc: + # The helper failed to init, so there is no module object. All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except OpenShiftAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/openshift_v1_policy_list.py b/library/openshift_v1_broker_template_instance_list.py similarity index 53% rename from library/openshift_v1_policy_list.py rename to library/openshift_v1_broker_template_instance_list.py index ea621f3b..f5094bc6 100644 --- a/library/openshift_v1_policy_list.py +++ b/library/openshift_v1_broker_template_instance_list.py 
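Review bot: in main(), at the end of the new library/openshift_v1_broker_template_instance.py, the first handler does `raise Exception(exc.message)`, which only works if the exception carries a `message` attribute. Python 3 exceptions do not have one unless OpenShiftAnsibleException defines it itself, and the second handler already uses `str(exc)`. Use `str(exc)` in both places so that a helper init failure reports the real error instead of an AttributeError. In DOCUMENTATION, `verify_ssl` is the only boolean option with no documented `default` (`debug` and `force` both state `default: false`); state the effective default so a reader can tell whether certificate verification is on unless explicitly disabled. The aliases generated for the `spec_template_instance_*` options come out as `_instance_api_version`, `_instance_kind` and so on, with a leading underscore, which looks like a prefix-stripping slip in the generator rather than an intended name. The option text also carries a few typos worth fixing at the source: "attempts to to be idempotent", "will updated", "acessing", and `I(name_)` in the `state` description.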
@@ -3,12 +3,12 @@ from ansible.module_utils.openshift_common import OpenShiftAnsibleModule, OpenShiftAnsibleException DOCUMENTATION = ''' -module: openshift_v1_policy_list -short_description: OpenShift PolicyList +module: openshift_v1_broker_template_instance_list +short_description: OpenShift BrokerTemplateInstanceList description: -- Retrieve a list of policys. List operations provide a snapshot read of the underlying - objects, returning a resource_version representing a consistent version of the listed - objects. +- Retrieve a list of broker_template_instances. List operations provide a snapshot + read of the underlying objects, returning a resource_version representing a consistent + version of the listed objects. version_added: 2.3.0 author: OpenShift (@openshift) options: @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' @@ -99,7 +95,7 @@ RETURN = ''' api_version: type: string description: Requested API version -policy_list: +broker_template_instance_list: type: complex returned: when I(state) = C(present) contains: @@ -111,7 +107,7 @@ policy_list: type: str items: description: - - Items is a list of Policies + - items is a list of BrokerTemplateInstances type: list contains: api_version: 
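Review bot: the file header directly above the @@ -3,12 hunk records library/openshift_v1_broker_template_instance_list.py as a rename of library/openshift_v1_policy_list.py at 53% similarity, and the hunk replaces `module: openshift_v1_policy_list` outright, so unless the PolicyList module is re-added elsewhere in this change it is being removed, not renamed. If that is intended, say so in the commit message or changelog, because anything that calls `openshift_v1_policy_list` will stop resolving. The same applies to the @@ -46,10 hunk, which drops the `namespace` option without comment. In the @@ -89,7 hunk the requirement goes from `openshift == 1.0.0-snapshot` to `openshift == 0.3.1`, which reads as a downgrade; a short note on the client's versioning change would spare reviewers from having to guess.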
@@ -126,15 +122,9 @@ policy_list: Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. type: str - last_modified: - description: - - LastModified is the last time that any part of the Policy was created, - updated, or deleted - type: complex - contains: {} metadata: description: - - Standard object's metadata. + - Standard object metadata. type: complex contains: annotations: 
@@ -216,6 +206,153 @@ policy_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -252,6 +389,14 @@ policy_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -291,255 +436,101 @@ policy_list: not allowed to change on PUT operations. Populated by the system. Read-only. type: str - roles: + spec: description: - - Roles holds all the Roles held by this Policy, mapped by Role.Name - type: list + - spec describes the state of this BrokerTemplateInstance. + type: complex contains: - name: + binding_i_ds: description: - - Name is the name of the role - type: str - role: + - bindingids is a list of 'binding_id's provided during successive bind + calls to the template service broker. + type: list + contains: str + secret: description: - - Role is the role being named + - secret is a reference to a Secret object residing in a namespace, + containing the necessary template parameters. type: complex contains: api_version: description: - - APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the - latest internal value, and may reject unrecognized values. + - API version of the referent. + type: str + field_path: + description: + - 'If referring to a piece of an object instead of an entire object, + this string should contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For example, if the + object reference is to a container within a pod, this would take + on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some + well-defined way of referencing a part of an object.' type: str kind: description: - - Kind is a string value representing the REST resource this object - represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. + - Kind of the referent. type: str - metadata: + name: description: - - Standard object's metadata. 
- type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a - resource that may be set by external tools to store and retrieve - arbitrary metadata. They are not queryable and should be preserved - when modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This - is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right - now and apiserver is going to ignore it if set in create or - update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set - in happens-before order across separate operations. Clients - may not set this value. It is represented in RFC3339 form - and is in UTC. Populated by the system. Read-only. Null for - lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate - before it will be removed from the system. Only set when deletionTimestamp - is also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this - resource will be deleted. This field is set by the server - when a graceful deletion is requested by the user, and is - not directly settable by a client. The resource is expected - to be deleted (no longer visible from resource lists, and - not reachable by name) after the time in this field. Once - set, this value may not be unset or be set further into the - future, although it may be shortened or the resource may be - deleted prior to this time. For example, a user may request - that a pod is deleted in 30 seconds. 
The Kubelet will react - by sending a graceful termination signal to the containers - in the pod. After that 30 seconds, the Kubelet will send a - hard termination signal (SIGKILL) to the container and after - cleanup, remove the pod from the API. In the presence of network - partitions, this object may still exist after this timestamp, - until an administrator or automated process can determine - the resource is fully terminated. If not set, graceful deletion - of the object has not been requested. Populated by the system - when a graceful deletion is requested. Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. - Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be - removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to - generate a unique name ONLY IF the Name field has not been - provided. If this field is used, the name returned to the - client will be different than the name passed. This value - will also be combined with a unique suffix. The provided value - has the same validation rules as the Name field, and may be - truncated by the length of the suffix required to make the - value unique on the server. If this field is specified and - the generated name exists, the server will NOT return a 409 - - instead, it will either return 201 Created or 500 with Reason - ServerTimeout indicating a unique name could not be found - in the time allotted, and the client should retry (optionally - after the time indicated in the Retry-After header). Applied - only if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the - desired state. Populated by the system. Read-only. 
- type: int - labels: - description: - - Map of string keys and values that can be used to organize - and categorize (scope and select) objects. May match selectors - of replication controllers and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating - resources, although some resources may allow a client to request - the generation of an appropriate name automatically. Name - is primarily intended for creation idempotence and configuration - definition. Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. - An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this - field for those objects will be empty. Must be a DNS_LABEL. - Cannot be updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in - the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in - this list will point to this controller, with the controller - field set to true. There cannot be more than one managing - controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this - object that can be used by clients to determine when objects - have changed. 
May be used for optimistic concurrency, change - detection, and the watch operation on a resource or set of - resources. Clients must treat these values as opaque and passed - unmodified back to the server. They may only be valid for - a particular resource or set of resources. Populated by the - system. Read-only. Value must be treated as opaque by clients - and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the - system. Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. - It is typically generated by the server on successful creation - of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. - type: str - rules: + - Name of the referent. + type: str + namespace: description: - - Rules holds all the PolicyRules for this Role - type: list - contains: - api_groups: - description: - - APIGroups is the name of the APIGroup that contains the resources. - If this field is empty, then both kubernetes and origin API - groups are assumed. That means that if an action is requested - against one of the enumerated resources in either the kubernetes - or the origin API group, the request will be allowed - type: list - contains: str - attribute_restrictions: - description: - - AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder - pair supports. If the Authorizer does not recognize how to - handle the AttributeRestrictions, the Authorizer should report - an error. - type: complex - contains: - raw: - description: - - Raw is the underlying serialization of this object. - type: str - non_resource_ur_ls: - description: - - NonResourceURLsSlice is a set of partial urls that a user - should have access to. 
*s are allowed, but only as the full, - final step in the path This name is intentionally different - than the internal type so that the DefaultConvert works nicely - and because the ordering may be different. - type: list - contains: str - resource_names: - description: - - ResourceNames is an optional white list of names that the - rule applies to. An empty set means that everything is allowed. - type: list - contains: str - resources: - description: - - Resources is a list of resources this rule applies to. ResourceAll - represents all resources. - type: list - contains: str - verbs: - description: - - Verbs is a list of Verbs that apply to ALL the ResourceKinds - and AttributeRestrictions contained in this rule. VerbAll - represents all kinds. - type: list - contains: str + - Namespace of the referent. + type: str + resource_version: + description: + - Specific resourceVersion to which this reference is made, if any. + type: str + uid: + description: + - UID of the referent. + type: str + template_instance: + description: + - templateinstance is a reference to a TemplateInstance object residing + in a namespace. + type: complex + contains: + api_version: + description: + - API version of the referent. + type: str + field_path: + description: + - 'If referring to a piece of an object instead of an entire object, + this string should contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For example, if the + object reference is to a container within a pod, this would take + on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some + well-defined way of referencing a part of an object.' + type: str + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. 
+ type: str + namespace: + description: + - Namespace of the referent. + type: str + resource_version: + description: + - Specific resourceVersion to which this reference is made, if any. + type: str + uid: + description: + - UID of the referent. + type: str kind: description: - Kind is a string value representing the REST resource this object represents. @@ -548,7 +539,7 @@ policy_list: type: str metadata: description: - - Standard object's metadata. + - Standard object metadata. type: complex contains: resource_version: @@ -567,7 +558,7 @@ policy_list: def main(): try: - module = OpenShiftAnsibleModule('policy_list', 'V1') + module = OpenShiftAnsibleModule('broker_template_instance_list', 'V1') except OpenShiftAnsibleException as exc: # The helper failed to init, so there is no module object. All we can do is raise the error. raise Exception(exc.message) diff --git a/library/openshift_v1_build.py b/library/openshift_v1_build.py index 0f3698dc..e4727371 100644 --- a/library/openshift_v1_build.py +++ b/library/openshift_v1_build.py @@ -358,7 +358,7 @@ options: spec_strategy_custom_strategy_env: description: - env contains additional environment variables you want to pass into a builder - container. ValueFrom is not supported. + container. aliases: - strategy_custom_strategy_env type: list @@ -444,7 +444,7 @@ options: spec_strategy_docker_strategy_env: description: - env contains additional environment variables you want to pass into a builder - container. ValueFrom is not supported. + container. aliases: - strategy_docker_strategy_env type: list @@ -482,7 +482,7 @@ options: spec_strategy_jenkins_pipeline_strategy_env: description: - env contains additional environment variables you want to pass into a build - pipeline. ValueFrom is not supported. + pipeline. aliases: - strategy_jenkins_pipeline_strategy_env type: list 
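Review bot: In the spec_strategy_jenkins_pipeline_strategy_env description, removing "ValueFrom is not supported." leaves the option doc silent on whether value-from style entries (field references, Secret or ConfigMap keys) are now accepted on input. If they are, say so and list the supported sources, so users know they can reference a Secret instead of writing the value inline in a playbook; if they are not, keep the sentence. The same applies to the custom, docker and source strategy env options changed in the same way.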
@@ -544,7 +544,7 @@ options: spec_strategy_source_strategy_env: description: - env contains additional environment variables you want to pass into a builder - container. ValueFrom is not supported. + container. aliases: - strategy_source_strategy_env type: list @@ -666,7 +666,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
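Review bot: The requirements entry goes from "openshift == 1.0.0-snapshot" to "openshift == 0.3.1", which reads as a downgrade and is still an exact pin. Please explain the renumbering in the commit message or module docs, and consider a bounded range instead of "==" so that users are not held on a single client release when fixes ship.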
@@ -773,6 +773,150 @@ build: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -808,6 +952,14 @@ build: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -982,14 +1134,14 @@ build: description: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str revision: description: - revision is the information from the source for a specific repo snapshot. @@ -1181,7 +1333,9 @@ build: source_path: description: - sourcePath is the absolute path of the file or directory inside - the image to copy to the build directory. + the image to copy to the build directory. If the source path + ends in /. then the content of the directory will be copied, + but the directory itself will not be created at the destination. type: str pull_secret: description: @@ -1299,7 +1453,7 @@ build: env: description: - env contains additional environment variables you want to pass - into a builder container. ValueFrom is not supported. + into a builder container. type: list contains: name: @@ -1335,11 +1489,16 @@ build: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be + defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, - spec.serviceAccountName, status.podIP.' + spec.serviceAccountName, status.hostIP, status.podIP.' type: complex contains: api_version: @@ -1367,8 +1526,7 @@ build: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
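Review bot: The field described as "Specifies the output format of the exposed resources" changes from "type: complex" with "contains: {}" to "type: str", which changes the shape of the documented return value. Playbooks that treat the registered result as a mapping will break, so this deserves a changelog entry; the description could also show the expected string form, since it only says the default is "1".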
@@ -1387,6 +1545,10 @@ build: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool expose_docker_socket: description: - exposeDockerSocket will allow running Docker commands (and build @@ -1517,11 +1679,16 @@ build: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be + defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, - spec.serviceAccountName, status.podIP.' + spec.serviceAccountName, status.hostIP, status.podIP.' type: complex contains: api_version: @@ -1549,8 +1716,7 @@ build: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -1569,6 +1735,10 @@ build: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool dockerfile_path: description: - dockerfilePath is the path of the Dockerfile that will be used @@ -1578,7 +1748,7 @@ build: env: description: - env contains additional environment variables you want to pass - into a builder container. ValueFrom is not supported. + into a builder container. type: list contains: name: @@ -1614,11 +1784,16 @@ build: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be + defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, - spec.serviceAccountName, status.podIP.' + spec.serviceAccountName, status.hostIP, status.podIP.' type: complex contains: api_version: 
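Review bot: The added optional description, "Specify whether the ConfigMap or it's key must be defined", should read "its key", and it states neither the default nor what happens when the referenced ConfigMap or key is missing and optional is unset. Since the same text is added for every strategy's env block (and for the Secret variant), fixing it once at the source of these generated docs would cover all of them.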
@@ -1646,8 +1821,7 @@ build: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -1666,6 +1840,10 @@ build: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool force_pull: description: - forcePull describes if the builder should pull the images from @@ -1709,7 +1887,7 @@ build: env: description: - env contains additional environment variables you want to pass - into a build pipeline. ValueFrom is not supported. + into a build pipeline. type: list contains: name: @@ -1745,11 +1923,16 @@ build: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be + defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, - spec.serviceAccountName, status.podIP.' + spec.serviceAccountName, status.hostIP, status.podIP.' type: complex contains: api_version: @@ -1777,8 +1960,7 @@ build: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -1797,6 +1979,10 @@ build: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool jenkinsfile: description: - Jenkinsfile defines the optional raw contents of a Jenkinsfile @@ -1862,7 +2048,7 @@ build: env: description: - env contains additional environment variables you want to pass - into a builder container. ValueFrom is not supported. + into a builder container. type: list contains: name: 
@@ -1898,11 +2084,16 @@ build: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be + defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, - spec.serviceAccountName, status.podIP.' + spec.serviceAccountName, status.hostIP, status.podIP.' type: complex contains: api_version: @@ -1930,8 +2121,7 @@ build: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -1950,6 +2140,10 @@ build: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool force_pull: description: - forcePull describes if the builder should pull the images from @@ -1990,7 +2184,9 @@ build: source_path: description: - sourcePath is the absolute path of the file or directory inside - the image to copy to the build directory. + the image to copy to the build directory. If the source path + ends in /. then the content of the directory will be copied, + but the directory itself will not be created at the destination. type: str runtime_image: description: 
@@ -2055,6 +2251,65 @@ build: the build configuration and contains information about those triggers. type: list contains: + bitbucket_web_hook: + description: + - BitbucketWebHook represents data for a Bitbucket webhook that fired + a specific build. + type: complex + contains: + revision: + description: + - Revision is the git source revision information of the trigger. + type: complex + contains: + git: + description: + - Git contains information about git-based build source + type: complex + contains: + author: + description: + - author is the author of a specific commit + type: complex + contains: + email: + description: + - email of the source control user + type: str + name: + description: + - name of the source control user + type: str + commit: + description: + - commit is the commit hash identifying a specific commit + type: str + committer: + description: + - committer is the committer of a specific commit + type: complex + contains: + email: + description: + - email of the source control user + type: str + name: + description: + - name of the source control user + type: str + message: + description: + - message is the description of a specific commit + type: str + type: + description: + - type of the build source, may be one of 'Source', 'Dockerfile', + 'Binary', or 'Images' + type: str + secret: + description: + - Secret is the obfuscated webhook secret that triggered a build. + type: str generic_web_hook: description: - genericWebHook holds data about a builds generic webhook trigger. 
@@ -2173,6 +2428,65 @@ build: description: - secret is the obfuscated webhook secret that triggered a build. type: str + gitlab_web_hook: + description: + - GitLabWebHook represents data for a GitLab webhook that fired a specific + build. + type: complex + contains: + revision: + description: + - Revision is the git source revision information of the trigger. + type: complex + contains: + git: + description: + - Git contains information about git-based build source + type: complex + contains: + author: + description: + - author is the author of a specific commit + type: complex + contains: + email: + description: + - email of the source control user + type: str + name: + description: + - name of the source control user + type: str + commit: + description: + - commit is the commit hash identifying a specific commit + type: str + committer: + description: + - committer is the committer of a specific commit + type: complex + contains: + email: + description: + - email of the source control user + type: str + name: + description: + - name of the source control user + type: str + message: + description: + - message is the description of a specific commit + type: str + type: + description: + - type of the build source, may be one of 'Source', 'Dockerfile', + 'Binary', or 'Images' + type: str + secret: + description: + - Secret is the obfuscated webhook secret that triggered a build. + type: str image_change_build: description: - imageChangeBuild stores information about an imagechange event that @@ -2295,6 +2609,11 @@ build: description: - duration contains time.Duration object describing build time. type: int + log_snippet: + description: + - logSnippet is the last few lines of the build log. This value is only + set for builds that failed. + type: str message: description: - message is a human-readable message indicating details about why the build 
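Review bot: The new log_snippet return field exposes "the last few lines of the build log" for failed builds, and build logs can contain credentials or tokens echoed by a failing step. The description should warn that the value may be sensitive, so that users who register the module result think about no_log or filtering before printing it in job output.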
@@ -2327,13 +2646,59 @@ build: type: str phase: description: - - phase is the point in the build lifecycle. + - phase is the point in the build lifecycle. Possible values are "New", + "Pending", "Running", "Complete", "Failed", "Error", and "Cancelled". type: str reason: description: - reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI. type: str + stages: + description: + - stages contains details about each stage that occurs during the build + including start time, duration (in milliseconds), and the steps that occured + within each stage. + type: list + contains: + duration_milliseconds: + description: + - 'durationMilliseconds identifies how long the stage took to complete + in milliseconds. Note: the duration of a stage can exceed the sum + of the duration of the steps within the stage as not all actions are + accounted for in explicit build steps.' + type: int + name: + description: + - name is a unique identifier for each build stage that occurs. + type: str + start_time: + description: + - startTime is a timestamp representing the server time when this Stage + started. It is represented in RFC3339 form and is in UTC. + type: complex + contains: {} + steps: + description: + - steps contains details about each step that occurs during a build + stage including start time and duration in milliseconds. + type: list + contains: + duration_milliseconds: + description: + - durationMilliseconds identifies how long the step took to complete + in milliseconds. + type: int + name: + description: + - name is a unique identifier for each build step. + type: str + start_time: + description: + - startTime is a timestamp representing the server time when this + Step started. it is represented in RFC3339 form and is in UTC. + type: complex + contains: {} start_timestamp: description: - startTimestamp is a timestamp representing the server time when this Build 
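Review bot: Two text defects in the added stages documentation: "the steps that occured within each stage" should be "occurred", and the steps start_time description has "Step started. it is represented", which needs a capital "It" to match the stage-level wording. The phase description now lists the possible values, which is helpful; stating whether that list is exhaustive would let users write a safe "until" condition against it.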
diff --git a/library/openshift_v1_build_config.py b/library/openshift_v1_build_config.py index 8e2ec132..9e2e71fc 100644 --- a/library/openshift_v1_build_config.py +++ b/library/openshift_v1_build_config.py @@ -85,6 +85,13 @@ options: aliases: - completion_deadline_seconds type: int + spec_failed_builds_history_limit: + description: + - failedBuildsHistoryLimit is the number of old failed builds to retain. If not + specified, all failed builds are retained. + aliases: + - failed_builds_history_limit + type: int spec_node_selector: description: - nodeSelector is a selector which must be true for the build pod to fit on a @@ -365,7 +372,7 @@ options: spec_strategy_custom_strategy_env: description: - env contains additional environment variables you want to pass into a builder - container. ValueFrom is not supported. + container. aliases: - strategy_custom_strategy_env type: list @@ -451,7 +458,7 @@ options: spec_strategy_docker_strategy_env: description: - env contains additional environment variables you want to pass into a builder - container. ValueFrom is not supported. + container. aliases: - strategy_docker_strategy_env type: list @@ -489,7 +496,7 @@ options: spec_strategy_jenkins_pipeline_strategy_env: description: - env contains additional environment variables you want to pass into a build - pipeline. ValueFrom is not supported. + pipeline. aliases: - strategy_jenkins_pipeline_strategy_env type: list @@ -551,7 +558,7 @@ options: spec_strategy_source_strategy_env: description: - env contains additional environment variables you want to pass into a builder - container. ValueFrom is not supported. + container. aliases: - strategy_source_strategy_env type: list 
@@ -635,6 +642,13 @@ options: - type is the kind of build strategy. aliases: - strategy_type + spec_successful_builds_history_limit: + description: + - successfulBuildsHistoryLimit is the number of old successful builds to retain. + If not specified, all successful builds are retained. + aliases: + - successful_builds_history_limit + type: int spec_triggers: description: - triggers determine how new Builds can be launched from a BuildConfig. If no @@ -674,7 +688,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -781,6 +795,150 @@ build_config: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -816,6 +974,14 @@ build_config: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -865,6 +1031,11 @@ build_config: build may be active on a node before the system actively tries to terminate the build; value must be positive integer type: int + failed_builds_history_limit: + description: + - failedBuildsHistoryLimit is the number of old failed builds to retain. + If not specified, all failed builds are retained. + type: int node_selector: description: - nodeSelector is a selector which must be true for the build pod to fit @@ -991,14 +1162,14 @@ build_config: description: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str revision: description: - revision is the information from the source for a specific repo snapshot. @@ -1196,7 +1367,9 @@ build_config: source_path: description: - sourcePath is the absolute path of the file or directory inside - the image to copy to the build directory. + the image to copy to the build directory. If the source path + ends in /. then the content of the directory will be copied, + but the directory itself will not be created at the destination. type: str pull_secret: description: @@ -1314,7 +1487,7 @@ build_config: env: description: - env contains additional environment variables you want to pass - into a builder container. ValueFrom is not supported. + into a builder container. type: list contains: name: 
@@ -1350,11 +1523,16 @@ build_config: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be + defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, - spec.serviceAccountName, status.podIP.' + spec.serviceAccountName, status.hostIP, status.podIP.' type: complex contains: api_version: @@ -1382,8 +1560,7 @@ build_config: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -1402,6 +1579,10 @@ build_config: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool expose_docker_socket: description: - exposeDockerSocket will allow running Docker commands (and build @@ -1532,11 +1713,16 @@ build_config: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be + defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, - spec.serviceAccountName, status.podIP.' + spec.serviceAccountName, status.hostIP, status.podIP.' type: complex contains: api_version: @@ -1564,8 +1750,7 @@ build_config: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -1584,6 +1769,10 @@ build_config: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool dockerfile_path: description: - dockerfilePath is the path of the Dockerfile that will be used 
@@ -1593,7 +1782,7 @@ build_config: env: description: - env contains additional environment variables you want to pass - into a builder container. ValueFrom is not supported. + into a builder container. type: list contains: name: @@ -1629,11 +1818,16 @@ build_config: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be + defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, - spec.serviceAccountName, status.podIP.' + spec.serviceAccountName, status.hostIP, status.podIP.' type: complex contains: api_version: @@ -1661,8 +1855,7 @@ build_config: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -1681,6 +1874,10 @@ build_config: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool force_pull: description: - forcePull describes if the builder should pull the images from @@ -1724,7 +1921,7 @@ build_config: env: description: - env contains additional environment variables you want to pass - into a build pipeline. ValueFrom is not supported. + into a build pipeline. type: list contains: name: @@ -1760,11 +1957,16 @@ build_config: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be + defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, - spec.serviceAccountName, status.podIP.' + spec.serviceAccountName, status.hostIP, status.podIP.' type: complex contains: api_version: 
@@ -1792,8 +1994,7 @@ build_config: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -1812,6 +2013,10 @@ build_config: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool jenkinsfile: description: - Jenkinsfile defines the optional raw contents of a Jenkinsfile @@ -1877,7 +2082,7 @@ build_config: env: description: - env contains additional environment variables you want to pass - into a builder container. ValueFrom is not supported. + into a builder container. type: list contains: name: @@ -1913,11 +2118,16 @@ build_config: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be + defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, - spec.serviceAccountName, status.podIP.' + spec.serviceAccountName, status.hostIP, status.podIP.' type: complex contains: api_version: @@ -1945,8 +2155,7 @@ build_config: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -1965,6 +2174,10 @@ build_config: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool force_pull: description: - forcePull describes if the builder should pull the images from 
@@ -2005,7 +2218,9 @@ build_config: source_path: description: - sourcePath is the absolute path of the file or directory inside - the image to copy to the build directory. + the image to copy to the build directory. If the source path + ends in /. then the content of the directory will be copied, + but the directory itself will not be created at the destination. type: str runtime_image: description: @@ -2064,6 +2279,11 @@ build_config: description: - type is the kind of build strategy. type: str + successful_builds_history_limit: + description: + - successfulBuildsHistoryLimit is the number of old successful builds to + retain. If not specified, all successful builds are retained. + type: int triggers: description: - triggers determine how new Builds can be launched from a BuildConfig. @@ -2071,6 +2291,21 @@ build_config: an explicit client build creation. type: list contains: + bitbucket: + description: + - BitbucketWebHook contains the parameters for a Bitbucket webhook type + of trigger + type: complex + contains: + allow_env: + description: + - allowEnv determines whether the webhook can set environment variables; + can only be set to true for GenericWebHook. + type: bool + secret: + description: + - secret used to validate requests. + type: str generic: description: - generic contains the parameters for a Generic webhook type of trigger @@ -2099,6 +2334,21 @@ build_config: description: - secret used to validate requests. type: str + gitlab: + description: + - GitLabWebHook contains the parameters for a GitLab webhook type of + trigger + type: complex + contains: + allow_env: + description: + - allowEnv determines whether the webhook can set environment variables; + can only be set to true for GenericWebHook. + type: bool + secret: + description: + - secret used to validate requests. + type: str image_change: description: - imageChange contains parameters for an ImageChange type of trigger 
diff --git a/library/openshift_v1_build_config_list.py b/library/openshift_v1_build_config_list.py index f533448c..c3ad7e9d 100644 --- a/library/openshift_v1_build_config_list.py +++ b/library/openshift_v1_build_config_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -210,6 +206,153 @@ build_config_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ build_config_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -298,6 +449,11 @@ build_config_list: the build may be active on a node before the system actively tries to terminate the build; value must be positive integer type: int + failed_builds_history_limit: + description: + - failedBuildsHistoryLimit is the number of old failed builds to retain. + If not specified, all failed builds are retained. + type: int node_selector: description: - nodeSelector is a selector which must be true for the build pod to @@ -429,7 +585,7 @@ build_config_list: description: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources required. @@ -437,7 +593,7 @@ build_config_list: if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str revision: description: - revision is the information from the source for a specific repo snapshot. @@ -638,7 +794,10 @@ build_config_list: source_path: description: - sourcePath is the absolute path of the file or directory - inside the image to copy to the build directory. + inside the image to copy to the build directory. If the + source path ends in /. then the content of the directory + will be copied, but the directory itself will not be created + at the destination. type: str pull_secret: description: @@ -758,7 +917,7 @@ build_config_list: env: description: - env contains additional environment variables you want to - pass into a builder container. ValueFrom is not supported. + pass into a builder container. type: list contains: name: 
@@ -795,11 +954,17 @@ build_config_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -828,8 +993,7 @@ build_config_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -848,6 +1012,11 @@ build_config_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool expose_docker_socket: description: - exposeDockerSocket will allow running Docker commands (and @@ -980,11 +1149,17 @@ build_config_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -1013,8 +1188,7 @@ build_config_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -1033,6 +1207,11 @@ build_config_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool dockerfile_path: description: - dockerfilePath is the path of the Dockerfile that will be @@ -1042,7 +1221,7 @@ build_config_list: env: description: - env contains additional environment variables you want to - pass into a builder container. ValueFrom is not supported. + pass into a builder container. type: list contains: name: @@ -1079,11 +1258,17 @@ build_config_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -1112,8 +1297,7 @@ build_config_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -1132,6 +1316,11 @@ build_config_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool force_pull: description: - forcePull describes if the builder should pull the images @@ -1175,7 +1364,7 @@ build_config_list: env: description: - env contains additional environment variables you want to - pass into a build pipeline. ValueFrom is not supported. + pass into a build pipeline. type: list contains: name: 
@@ -1212,11 +1401,17 @@ build_config_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -1245,8 +1440,7 @@ build_config_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -1265,6 +1459,11 @@ build_config_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool jenkinsfile: description: - Jenkinsfile defines the optional raw contents of a Jenkinsfile @@ -1330,7 +1529,7 @@ build_config_list: env: description: - env contains additional environment variables you want to - pass into a builder container. ValueFrom is not supported. + pass into a builder container. type: list contains: name: @@ -1367,11 +1566,17 @@ build_config_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -1400,8 +1605,7 @@ build_config_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -1420,6 +1624,11 @@ build_config_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool force_pull: description: - forcePull describes if the builder should pull the images @@ -1461,7 +1670,10 @@ build_config_list: source_path: description: - sourcePath is the absolute path of the file or directory - inside the image to copy to the build directory. + inside the image to copy to the build directory. If the + source path ends in /. then the content of the directory + will be copied, but the directory itself will not be created + at the destination. type: str runtime_image: description: @@ -1520,6 +1732,11 @@ build_config_list: description: - type is the kind of build strategy. type: str + successful_builds_history_limit: + description: + - successfulBuildsHistoryLimit is the number of old successful builds + to retain. If not specified, all successful builds are retained. + type: int triggers: description: - triggers determine how new Builds can be launched from a BuildConfig. @@ -1527,6 +1744,21 @@ build_config_list: of an explicit client build creation. type: list contains: + bitbucket: + description: + - BitbucketWebHook contains the parameters for a Bitbucket webhook + type of trigger + type: complex + contains: + allow_env: + description: + - allowEnv determines whether the webhook can set environment + variables; can only be set to true for GenericWebHook. + type: bool + secret: + description: + - secret used to validate requests. + type: str generic: description: - generic contains the parameters for a Generic webhook type of 
@@ -1556,6 +1788,21 @@ build_config_list: description: - secret used to validate requests. type: str + gitlab: + description: + - GitLabWebHook contains the parameters for a GitLab webhook type + of trigger + type: complex + contains: + allow_env: + description: + - allowEnv determines whether the webhook can set environment + variables; can only be set to true for GenericWebHook. + type: bool + secret: + description: + - secret used to validate requests. + type: str image_change: description: - imageChange contains parameters for an ImageChange type of trigger diff --git a/library/openshift_v1_build_list.py b/library/openshift_v1_build_list.py index cd20bd0f..2ba9a092 100644 --- a/library/openshift_v1_build_list.py +++ b/library/openshift_v1_build_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -210,6 +206,153 @@ build_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ build_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -428,7 +579,7 @@ build_list: description: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources required. @@ -436,7 +587,7 @@ build_list: if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str revision: description: - revision is the information from the source for a specific repo snapshot. @@ -631,7 +782,10 @@ build_list: source_path: description: - sourcePath is the absolute path of the file or directory - inside the image to copy to the build directory. + inside the image to copy to the build directory. If the + source path ends in /. then the content of the directory + will be copied, but the directory itself will not be created + at the destination. type: str pull_secret: description: @@ -751,7 +905,7 @@ build_list: env: description: - env contains additional environment variables you want to - pass into a builder container. ValueFrom is not supported. + pass into a builder container. type: list contains: name: @@ -788,11 +942,17 @@ build_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -821,8 +981,7 @@ build_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
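Review bot: the last hunk above (@@ -821,8 +981,7 @@) changes the documented return type from `type: complex` with `contains: {}` to `type: str` with no accompanying note, so a playbook that treated the value as a mapping gets no hint that it is now a plain string. The description already says it defaults to "1", which fits `str`; a line in the module notes or changelog recording the type change would cover it.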
@@ -841,6 +1000,11 @@ build_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool expose_docker_socket: description: - exposeDockerSocket will allow running Docker commands (and @@ -973,11 +1137,17 @@ build_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -1006,8 +1176,7 @@ build_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -1026,6 +1195,11 @@ build_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool dockerfile_path: description: - dockerfilePath is the path of the Dockerfile that will be @@ -1035,7 +1209,7 @@ build_list: env: description: - env contains additional environment variables you want to - pass into a builder container. ValueFrom is not supported. + pass into a builder container. type: list contains: name: @@ -1072,11 +1246,17 @@ build_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: 
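Review bot: in the added `optional` description of the last hunk above (@@ -1072,11 +1246,17 @@), "it's key" should be the possessive "its key", and the sentence lacks the closing period the neighbouring descriptions have. The same wording is added for every ConfigMap and Secret selector in this patch, so it is worth correcting in one pass rather than hunk by hunk.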
@@ -1105,8 +1285,7 @@ build_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -1125,6 +1304,11 @@ build_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool force_pull: description: - forcePull describes if the builder should pull the images @@ -1168,7 +1352,7 @@ build_list: env: description: - env contains additional environment variables you want to - pass into a build pipeline. ValueFrom is not supported. + pass into a build pipeline. type: list contains: name: @@ -1205,11 +1389,17 @@ build_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -1238,8 +1428,7 @@ build_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -1258,6 +1447,11 @@ build_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool jenkinsfile: description: - Jenkinsfile defines the optional raw contents of a Jenkinsfile @@ -1323,7 +1517,7 @@ build_list: env: description: - env contains additional environment variables you want to - pass into a builder container. ValueFrom is not supported. + pass into a builder container. type: list contains: name: 
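Review bot: dropping "ValueFrom is not supported." from the `env` description in the last hunk above (@@ -1323,7 +1517,7 @@) removes the only statement about ValueFrom and leaves the reader to infer that it now works. If it is supported, say so positively and point at the ConfigMap and Secret key selectors documented further down, since that means Secret material can now reach the builder container's environment.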
@@ -1360,11 +1554,17 @@ build_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -1393,8 +1593,7 @@ build_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -1413,6 +1612,11 @@ build_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool force_pull: description: - forcePull describes if the builder should pull the images @@ -1454,7 +1658,10 @@ build_list: source_path: description: - sourcePath is the absolute path of the file or directory - inside the image to copy to the build directory. + inside the image to copy to the build directory. If the + source path ends in /. then the content of the directory + will be copied, but the directory itself will not be created + at the destination. type: str runtime_image: description: 
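Review bot: in the reworded `source_path` description (@@ -1454,7 +1658,10 @@), "ends in /. then the content" reads as a sentence break because the path suffix is unquoted. Suggest quoting it, as in: If the source path ends in "/." then the content of the directory will be copied, so it is clear that the two-character suffix is what selects copying the contents without creating the directory at the destination.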
@@ -1519,6 +1726,65 @@ build_list: to the build configuration and contains information about those triggers. type: list contains: + bitbucket_web_hook: + description: + - BitbucketWebHook represents data for a Bitbucket webhook that + fired a specific build. + type: complex + contains: + revision: + description: + - Revision is the git source revision information of the trigger. + type: complex + contains: + git: + description: + - Git contains information about git-based build source + type: complex + contains: + author: + description: + - author is the author of a specific commit + type: complex + contains: + email: + description: + - email of the source control user + type: str + name: + description: + - name of the source control user + type: str + commit: + description: + - commit is the commit hash identifying a specific commit + type: str + committer: + description: + - committer is the committer of a specific commit + type: complex + contains: + email: + description: + - email of the source control user + type: str + name: + description: + - name of the source control user + type: str + message: + description: + - message is the description of a specific commit + type: str + type: + description: + - type of the build source, may be one of 'Source', 'Dockerfile', + 'Binary', or 'Images' + type: str + secret: + description: + - Secret is the obfuscated webhook secret that triggered a build. + type: str generic_web_hook: description: - genericWebHook holds data about a builds generic webhook trigger. 
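Review bot: the new `secret` entry at the end of the `bitbucket_web_hook` block says only "Secret is the obfuscated webhook secret that triggered a build." and does not say what form the obfuscation takes, so a reader cannot tell whether the returned string is safe to print or keep in task output. Suggest stating that explicitly, and lower-casing the first word to match the existing generic webhook entry ("secret is the obfuscated webhook secret that triggered a build.").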
@@ -1637,6 +1903,65 @@ build_list: description: - secret is the obfuscated webhook secret that triggered a build. type: str + gitlab_web_hook: + description: + - GitLabWebHook represents data for a GitLab webhook that fired + a specific build. + type: complex + contains: + revision: + description: + - Revision is the git source revision information of the trigger. + type: complex + contains: + git: + description: + - Git contains information about git-based build source + type: complex + contains: + author: + description: + - author is the author of a specific commit + type: complex + contains: + email: + description: + - email of the source control user + type: str + name: + description: + - name of the source control user + type: str + commit: + description: + - commit is the commit hash identifying a specific commit + type: str + committer: + description: + - committer is the committer of a specific commit + type: complex + contains: + email: + description: + - email of the source control user + type: str + name: + description: + - name of the source control user + type: str + message: + description: + - message is the description of a specific commit + type: str + type: + description: + - type of the build source, may be one of 'Source', 'Dockerfile', + 'Binary', or 'Images' + type: str + secret: + description: + - Secret is the obfuscated webhook secret that triggered a build. + type: str image_change_build: description: - imageChangeBuild stores information about an imagechange event @@ -1760,6 +2085,11 @@ build_list: description: - duration contains time.Duration object describing build time. type: int + log_snippet: + description: + - logSnippet is the last few lines of the build log. This value is only + set for builds that failed. + type: str message: description: - message is a human-readable message indicating details about why the 
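Review bot: `log_snippet` (@@ -1760,6 +2085,11 @@) returns "the last few lines of the build log" for failed builds, and build output can echo environment values or credentials, so this field places log text into the module's return data and into whatever records that data. The description should say so, or recommend `no_log: true` on tasks that register this result.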
@@ -1793,13 +2123,60 @@ build_list: type: str phase: description: - - phase is the point in the build lifecycle. + - phase is the point in the build lifecycle. Possible values are "New", + "Pending", "Running", "Complete", "Failed", "Error", and "Cancelled". type: str reason: description: - reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI. type: str + stages: + description: + - stages contains details about each stage that occurs during the build + including start time, duration (in milliseconds), and the steps that + occured within each stage. + type: list + contains: + duration_milliseconds: + description: + - 'durationMilliseconds identifies how long the stage took to complete + in milliseconds. Note: the duration of a stage can exceed the + sum of the duration of the steps within the stage as not all actions + are accounted for in explicit build steps.' + type: int + name: + description: + - name is a unique identifier for each build stage that occurs. + type: str + start_time: + description: + - startTime is a timestamp representing the server time when this + Stage started. It is represented in RFC3339 form and is in UTC. + type: complex + contains: {} + steps: + description: + - steps contains details about each step that occurs during a build + stage including start time and duration in milliseconds. + type: list + contains: + duration_milliseconds: + description: + - durationMilliseconds identifies how long the step took to + complete in milliseconds. + type: int + name: + description: + - name is a unique identifier for each build step. + type: str + start_time: + description: + - startTime is a timestamp representing the server time when + this Step started. it is represented in RFC3339 form and is + in UTC. + type: complex + contains: {} start_timestamp: description: - startTimestamp is a timestamp representing the server time when this 
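Review bot: both `start_time` entries added under `stages` and `steps` are declared `type: complex` with `contains: {}` although the text describes an RFC3339 timestamp; other hunks in this patch replace exactly that `complex` / `contains: {}` pair with `type: str`, so these look like they need the same treatment. Also "occured" should be "occurred", and the step-level description starts a sentence with a lowercase "it is represented".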
diff --git a/library/openshift_v1_build_request.py b/library/openshift_v1_build_request.py index a75e4da9..4e79bf4f 100644 --- a/library/openshift_v1_build_request.py +++ b/library/openshift_v1_build_request.py @@ -89,10 +89,16 @@ options: aliases: - build_args type: list + docker_strategy_options_no_cache: + description: + - noCache overrides the docker-strategy noCache option in the build config + aliases: + - no_cache + type: bool env: description: - env contains additional environment variables you want to pass into a builder - container. ValueFrom is not supported. + container. type: list force: description: @@ -175,6 +181,12 @@ options: 'Images' aliases: - type + source_strategy_options_incremental: + description: + - incremental overrides the source-strategy incremental option in the build config + aliases: + - incremental + type: bool ssl_ca_cert: description: - Path to a CA certificate used to authenticate with the API. @@ -233,7 +245,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' @@ -352,11 +364,15 @@ build_request: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, - status.podIP.' + status.hostIP, status.podIP.' type: complex contains: api_version: @@ -383,8 +399,7 @@ build_request: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -403,10 +418,18 @@ build_request: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool + no_cache: + description: + - noCache overrides the docker-strategy noCache option in the build config + type: bool env: description: - env contains additional environment variables you want to pass into a builder - container. ValueFrom is not supported. + container. type: list contains: name: @@ -441,11 +464,15 @@ build_request: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, - status.podIP.' + status.hostIP, status.podIP.' type: complex contains: api_version: @@ -472,8 +499,7 @@ build_request: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' @@ -491,6 +517,10 @@ build_request: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be defined + type: bool kind: description: - Kind is a string value representing the REST resource this object represents. 
@@ -584,6 +614,150 @@ build_request: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -619,6 +793,14 @@ build_request: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -704,12 +886,82 @@ build_request: - type of the build source, may be one of 'Source', 'Dockerfile', 'Binary', or 'Images' type: str + source_strategy_options: + description: + - SourceStrategyOptions contains additional source-strategy specific options + for the build + type: complex + contains: + incremental: + description: + - incremental overrides the source-strategy incremental option in the build + config + type: bool triggered_by: description: - triggeredBy describes which triggers started the most recent update to the build configuration and contains information about those triggers. type: list contains: + bitbucket_web_hook: + description: + - BitbucketWebHook represents data for a Bitbucket webhook that fired a + specific build. + type: complex + contains: + revision: + description: + - Revision is the git source revision information of the trigger. + type: complex + contains: + git: + description: + - Git contains information about git-based build source + type: complex + contains: + author: + description: + - author is the author of a specific commit + type: complex + contains: + email: + description: + - email of the source control user + type: str + name: + description: + - name of the source control user + type: str + commit: + description: + - commit is the commit hash identifying a specific commit + type: str + committer: + description: + - committer is the committer of a specific commit + type: complex + contains: + email: + description: + - email of the source control user + type: str + name: + description: + - name of the source control user + type: str + message: + description: + - message is the description of a specific commit + type: str + type: + description: + - type of the build source, may be one of 'Source', 'Dockerfile', + 'Binary', or 'Images' + type: str + secret: + description: + - Secret is the obfuscated webhook secret that triggered a build. 
+ type: str generic_web_hook: description: - genericWebHook holds data about a builds generic webhook trigger. @@ -828,6 +1080,65 @@ build_request: description: - secret is the obfuscated webhook secret that triggered a build. type: str + gitlab_web_hook: + description: + - GitLabWebHook represents data for a GitLab webhook that fired a specific + build. + type: complex + contains: + revision: + description: + - Revision is the git source revision information of the trigger. + type: complex + contains: + git: + description: + - Git contains information about git-based build source + type: complex + contains: + author: + description: + - author is the author of a specific commit + type: complex + contains: + email: + description: + - email of the source control user + type: str + name: + description: + - name of the source control user + type: str + commit: + description: + - commit is the commit hash identifying a specific commit + type: str + committer: + description: + - committer is the committer of a specific commit + type: complex + contains: + email: + description: + - email of the source control user + type: str + name: + description: + - name of the source control user + type: str + message: + description: + - message is the description of a specific commit + type: str + type: + description: + - type of the build source, may be one of 'Source', 'Dockerfile', + 'Binary', or 'Images' + type: str + secret: + description: + - Secret is the obfuscated webhook secret that triggered a build. + type: str image_change_build: description: - imageChangeBuild stores information about an imagechange event that triggered diff --git a/library/openshift_v1_cluster_network.py b/library/openshift_v1_cluster_network.py index 1a7cb475..23f8ac28 100644 --- a/library/openshift_v1_cluster_network.py +++ b/library/openshift_v1_cluster_network.py 
@@ -24,6 +24,12 @@ options: description: - Path to a certificate used to authenticate with the API. type: path + cluster_networks: + description: + - ClusterNetworks is a list of ClusterNetwork objects that defines the global + overlay network's L3 space by specifying a set of CIDR and netmasks that the + SDN can allocate addressed from. + type: list context: description: - The name of a context found in the Kubernetes config file. @@ -122,7 +128,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' @@ -142,6 +148,23 @@ cluster_network: Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. type: str + cluster_networks: + description: + - ClusterNetworks is a list of ClusterNetwork objects that defines the global + overlay network's L3 space by specifying a set of CIDR and netmasks that the + SDN can allocate addressed from. + type: list + contains: + cidr: + description: + - CIDR defines the total range of a cluster networks address space. + type: str + host_subnet_length: + description: + - HostSubnetLength is the number of bits of the accompanying CIDR address + to allocate to each node. eg, 8 would mean that each node would have a + /24 slice of the overlay network for its pods. + type: int hostsubnetlength: description: - HostSubnetLength is the number of bits of network to allocate to each node. 
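Review bot: in the `cluster_networks` return block (@@ -142,6 +148,23 @@), the new per-entry `host_subnet_length` sits alongside the existing top-level `hostsubnetlength`, and nothing says which one applies when both are present; a sentence on precedence or deprecation is needed. The "8 would mean ... a /24 slice" example only holds for a 32-bit IPv4 address, and "allocate addressed from" should read "allocate addresses from" here and in the matching option description in the first hunk of this file.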
@@ -235,6 +258,150 @@ cluster_network: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -270,6 +437,14 @@ cluster_network: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_cluster_network_list.py b/library/openshift_v1_cluster_network_list.py index 483b6cf2..c85f7c1e 100644 --- a/library/openshift_v1_cluster_network_list.py +++ b/library/openshift_v1_cluster_network_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' @@ -120,6 +116,23 @@ cluster_network_list: Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. type: str + cluster_networks: + description: + - ClusterNetworks is a list of ClusterNetwork objects that defines the global + overlay network's L3 space by specifying a set of CIDR and netmasks that + the SDN can allocate addressed from. + type: list + contains: + cidr: + description: + - CIDR defines the total range of a cluster networks address space. + type: str + host_subnet_length: + description: + - HostSubnetLength is the number of bits of the accompanying CIDR address + to allocate to each node. eg, 8 would mean that each node would have + a /24 slice of the overlay network for its pods. + type: int hostsubnetlength: description: - HostSubnetLength is the number of bits of network to allocate to each 
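Review bot: in the @@ -46,10 +46,6 @@ hunk of library/openshift_v1_cluster_network_list.py, the namespace option is removed from the documented options with no note that this changes the module's interface. If the generated argument spec drops it as well, playbooks that still pass namespace to this module will fail with an unsupported-parameter error. Call the removal out in the changelog, and say in the commit message that the list is cluster-scoped so the option was never meaningful.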
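Review bot: in the @@ -89,7 +85,7 @@ requirements hunk, the pin moves from "openshift == 1.0.0-snapshot" to "openshift == 0.3.1", which reads as a version downgrade, and nothing in the docstring explains it. If the client package was renumbered, say so in the commit message so users do not take this for a regression. Also confirm that an exact "==" pin is what you want to document: it tells users to install exactly 0.3.1 and so steers them away from any later release of the client, security fixes included. A lower bound with an upper cap would state the tested range without that side effect.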
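Review bot: in the @@ -120,6 +116,23 @@ hunk, the added cluster_networks[].host_subnet_length is documented directly above the existing top-level hostsubnetlength (the trailing context line), and the RETURN docs never say how the two relate or which one a consumer should read. Add a sentence to one of the descriptions stating which field is authoritative, or that the top-level one is kept for compatibility. The "8 would mean ... a /24 slice" example only holds for an IPv4 CIDR, so say that. Two wording fixes in the same hunk: "allocate addressed from" should be "allocate addresses from", and "a cluster networks address space" should be "a cluster network's address space".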
@@ -216,6 +229,153 @@ cluster_network_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -252,6 +412,14 @@ cluster_network_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_cluster_policy_binding.py b/library/openshift_v1_cluster_policy_binding.py deleted file mode 100644 index f69d2d5c..00000000 --- a/library/openshift_v1_cluster_policy_binding.py +++ /dev/null 
@@ -1,692 +0,0 @@ -#!/usr/bin/env python - -from ansible.module_utils.openshift_common import OpenShiftAnsibleModule, OpenShiftAnsibleException - -DOCUMENTATION = ''' -module: openshift_v1_cluster_policy_binding -short_description: OpenShift ClusterPolicyBinding -description: -- Manage the lifecycle of a cluster_policy_binding object. Supports check mode, and - attempts to to be idempotent. -version_added: 2.3.0 -author: OpenShift (@openshift) -options: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. They are - not queryable and should be preserved when modifying objects. - type: dict - api_key: - description: - - Token used to connect to the API. - cert_file: - description: - - Path to a certificate used to authenticate with the API. - type: path - context: - description: - - The name of a context found in the Kubernetes config file. - debug: - description: - - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log - default: false - type: bool - force: - description: - - If set to C(True), and I(state) is C(present), an existing object will updated, - and lists will be replaced, rather than merged. - default: false - type: bool - host: - description: - - Provide a URL for acessing the Kubernetes API. - key_file: - description: - - Path to a key file used to authenticate with the API. - type: path - kubeconfig: - description: - - Path to an existing Kubernetes config file. If not provided, and no other connection - options are provided, the openshift client will attempt to load the default - configuration file from I(~/.kube/config.json). - type: path - labels: - description: - - Map of string keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers and services. 
- type: dict - name: - description: - - Name must be unique within a namespace. Is required when creating resources, - although some resources may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation idempotence and - configuration definition. Cannot be updated. - namespace: - description: - - Namespace defines the space within each name must be unique. An empty namespace - is equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this - field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. - password: - description: - - Provide a password for connecting to the API. Use in conjunction with I(username). - policy_ref_api_version: - description: - - API version of the referent. - aliases: - - api_version - policy_ref_field_path: - description: - - 'If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would - take on a value like: "spec.containers{name}" (where "name" refers to the name - of the container that triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of an object.' - aliases: - - field_path - policy_ref_kind: - description: - - Kind of the referent. - aliases: - - kind - policy_ref_name: - description: - - Name of the referent. - aliases: - - name - policy_ref_namespace: - description: - - Namespace of the referent. - aliases: - - namespace - policy_ref_resource_version: - description: - - Specific resourceVersion to which this reference is made, if any. 
- aliases: - - resource_version - policy_ref_uid: - description: - - UID of the referent. - aliases: - - uid - resource_definition: - description: - - Provide the YAML definition for the object, bypassing any modules parameters - intended to define object attributes. - type: dict - role_bindings: - description: - - RoleBindings holds all the ClusterRoleBindings held by this ClusterPolicyBinding, - mapped by ClusterRoleBinding.Name - type: list - src: - description: - - Provide a path to a file containing the YAML definition of the object. Mutually - exclusive with I(resource_definition). - type: path - ssl_ca_cert: - description: - - Path to a CA certificate used to authenticate with the API. - type: path - state: - description: - - Determines if an object should be created, patched, or deleted. When set to - C(present), the object will be created, if it does not exist, or patched, if - parameter values differ from the existing object's attributes, and deleted, - if set to C(absent). A patch operation results in merging lists and updating - dictionaries, with lists being merged into a unique set of values. If a list - contains a dictionary with a I(name) or I(type) attribute, a strategic merge - is performed, where individual elements with a matching I(name_) or I(type) - are merged. To force the replacement of lists, set the I(force) option to C(True). - default: present - choices: - - present - - absent - username: - description: - - Provide a username for connecting to the API. - verify_ssl: - description: - - Whether or not to verify the API server's SSL certificates. - type: bool -requirements: -- openshift == 1.0.0-snapshot -''' - -EXAMPLES = ''' -''' - -RETURN = ''' -api_version: - type: string - description: Requested API version -cluster_policy_binding: - type: complex - returned: when I(state) = C(present) - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - type: str - kind: - description: - - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. - type: str - last_modified: - description: - - LastModified is the last time that any part of the ClusterPolicyBinding was - created, updated, or deleted - type: complex - contains: {} - metadata: - description: - - Standard object's metadata. - type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource that - may be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This is used to distinguish - resources with same name and namespace in different clusters. This field - is not set anywhere right now and apiserver is going to ignore it if set - in create or update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time when this - object was created. It is not guaranteed to be set in happens-before order - across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null - for lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate before - it will be removed from the system. Only set when deletionTimestamp is - also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this resource will - be deleted. 
This field is set by the server when a graceful deletion is - requested by the user, and is not directly settable by a client. The resource - is expected to be deleted (no longer visible from resource lists, and - not reachable by name) after the time in this field. Once set, this value - may not be unset or be set further into the future, although it may be - shortened or the resource may be deleted prior to this time. For example, - a user may request that a pod is deleted in 30 seconds. The Kubelet will - react by sending a graceful termination signal to the containers in the - pod. After that 30 seconds, the Kubelet will send a hard termination signal - (SIGKILL) to the container and after cleanup, remove the pod from the - API. In the presence of network partitions, this object may still exist - after this timestamp, until an administrator or automated process can - determine the resource is fully terminated. If not set, graceful deletion - of the object has not been requested. Populated by the system when a graceful - deletion is requested. Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. Each entry - is an identifier for the responsible component that will remove the entry - from the list. If the deletionTimestamp of the object is non-nil, entries - in this list can only be removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to generate a - unique name ONLY IF the Name field has not been provided. If this field - is used, the name returned to the client will be different than the name - passed. This value will also be combined with a unique suffix. The provided - value has the same validation rules as the Name field, and may be truncated - by the length of the suffix required to make the value unique on the server. 
- If this field is specified and the generated name exists, the server will - NOT return a 409 - instead, it will either return 201 Created or 500 with - Reason ServerTimeout indicating a unique name could not be found in the - time allotted, and the client should retry (optionally after the time - indicated in the Retry-After header). Applied only if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the desired state. - Populated by the system. Read-only. - type: int - labels: - description: - - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating resources, - although some resources may allow a client to request the generation of - an appropriate name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. An empty - namespace is equivalent to the "default" namespace, but "default" is the - canonical representation. Not all objects are required to be scoped to - a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in the list have - been deleted, this object will be garbage collected. If this object is - managed by a controller, then an entry in this list will point to this - controller, with the controller field set to true. There cannot be more - than one managing controller. - type: list - contains: - api_version: - description: - - API version of the referent. 
- type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this object that - can be used by clients to determine when objects have changed. May be - used for optimistic concurrency, change detection, and the watch operation - on a resource or set of resources. Clients must treat these values as - opaque and passed unmodified back to the server. They may only be valid - for a particular resource or set of resources. Populated by the system. - Read-only. Value must be treated as opaque by clients and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. It is typically - generated by the server on successful creation of a resource and is not - allowed to change on PUT operations. Populated by the system. Read-only. - type: str - policy_ref: - description: - - PolicyRef is a reference to the ClusterPolicy that contains all the ClusterRoles - that this ClusterPolicyBinding's RoleBindings may reference - type: complex - contains: - api_version: - description: - - API version of the referent. - type: str - field_path: - description: - - 'If referring to a piece of an object instead of an entire object, this - string should contain a valid JSON/Go field access statement, such as - desiredState.manifest.containers[2]. 
For example, if the object reference - is to a container within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered the event) - or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined - way of referencing a part of an object.' - type: str - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - namespace: - description: - - Namespace of the referent. - type: str - resource_version: - description: - - Specific resourceVersion to which this reference is made, if any. - type: str - uid: - description: - - UID of the referent. - type: str - role_bindings: - description: - - RoleBindings holds all the ClusterRoleBindings held by this ClusterPolicyBinding, - mapped by ClusterRoleBinding.Name - type: list - contains: - name: - description: - - Name is the name of the cluster role binding - type: str - role_binding: - description: - - RoleBinding is the cluster role binding being named - type: complex - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation of - an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. - type: str - group_names: - description: - - GroupNames holds all the groups directly bound to the role. This field - should only be specified when supporting legacy clients and servers. - See Subjects for further details. - type: list - contains: str - kind: - description: - - Kind is a string value representing the REST resource this object - represents. Servers may infer this from the endpoint the client submits - requests to. Cannot be updated. In CamelCase. - type: str - metadata: - description: - - Standard object's metadata. 
- type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource - that may be set by external tools to store and retrieve arbitrary - metadata. They are not queryable and should be preserved when - modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This is used - to distinguish resources with same name and namespace in different - clusters. This field is not set anywhere right now and apiserver - is going to ignore it if set in create or update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in - happens-before order across separate operations. Clients may not - set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate - before it will be removed from the system. Only set when deletionTimestamp - is also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this resource - will be deleted. This field is set by the server when a graceful - deletion is requested by the user, and is not directly settable - by a client. The resource is expected to be deleted (no longer - visible from resource lists, and not reachable by name) after - the time in this field. Once set, this value may not be unset - or be set further into the future, although it may be shortened - or the resource may be deleted prior to this time. For example, - a user may request that a pod is deleted in 30 seconds. The Kubelet - will react by sending a graceful termination signal to the containers - in the pod. 
After that 30 seconds, the Kubelet will send a hard - termination signal (SIGKILL) to the container and after cleanup, - remove the pod from the API. In the presence of network partitions, - this object may still exist after this timestamp, until an administrator - or automated process can determine the resource is fully terminated. - If not set, graceful deletion of the object has not been requested. - Populated by the system when a graceful deletion is requested. - Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. - Each entry is an identifier for the responsible component that - will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to generate - a unique name ONLY IF the Name field has not been provided. If - this field is used, the name returned to the client will be different - than the name passed. This value will also be combined with a - unique suffix. The provided value has the same validation rules - as the Name field, and may be truncated by the length of the suffix - required to make the value unique on the server. If this field - is specified and the generated name exists, the server will NOT - return a 409 - instead, it will either return 201 Created or 500 - with Reason ServerTimeout indicating a unique name could not be - found in the time allotted, and the client should retry (optionally - after the time indicated in the Retry-After header). Applied only - if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the desired - state. Populated by the system. Read-only. 
- type: int - labels: - description: - - Map of string keys and values that can be used to organize and - categorize (scope and select) objects. May match selectors of - replication controllers and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating - resources, although some resources may allow a client to request - the generation of an appropriate name automatically. Name is primarily - intended for creation idempotence and configuration definition. - Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. An - empty namespace is equivalent to the "default" namespace, but - "default" is the canonical representation. Not all objects are - required to be scoped to a namespace - the value of this field - for those objects will be empty. Must be a DNS_LABEL. Cannot be - updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in the - list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this object - that can be used by clients to determine when objects have changed. 
- May be used for optimistic concurrency, change detection, and - the watch operation on a resource or set of resources. Clients - must treat these values as opaque and passed unmodified back to - the server. They may only be valid for a particular resource or - set of resources. Populated by the system. Read-only. Value must - be treated as opaque by clients and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. - Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. It - is typically generated by the server on successful creation of - a resource and is not allowed to change on PUT operations. Populated - by the system. Read-only. - type: str - role_ref: - description: - - RoleRef can only reference the current namespace and the global namespace. - If the ClusterRoleRef cannot be resolved, the Authorizer must return - an error. Since Policy is a singleton, this is sufficient knowledge - to locate a role. - type: complex - contains: - api_version: - description: - - API version of the referent. - type: str - field_path: - description: - - 'If referring to a piece of an object instead of an entire object, - this string should contain a valid JSON/Go field access statement, - such as desiredState.manifest.containers[2]. For example, if the - object reference is to a container within a pod, this would take - on a value like: "spec.containers{name}" (where "name" refers - to the name of the container that triggered the event) or if no - container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some - well-defined way of referencing a part of an object.' - type: str - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - namespace: - description: - - Namespace of the referent. 
- type: str - resource_version: - description: - - Specific resourceVersion to which this reference is made, if any. - type: str - uid: - description: - - UID of the referent. - type: str - subjects: - description: - - Subjects hold object references to authorize with this rule. This - field is ignored if UserNames or GroupNames are specified to support - legacy clients and servers. Thus newer clients that do not need to - support backwards compatibility should send only fully qualified Subjects - and should omit the UserNames and GroupNames fields. Clients that - need to support backwards compatibility can use this field to build - the UserNames and GroupNames. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - field_path: - description: - - 'If referring to a piece of an object instead of an entire object, - this string should contain a valid JSON/Go field access statement, - such as desiredState.manifest.containers[2]. For example, if the - object reference is to a container within a pod, this would take - on a value like: "spec.containers{name}" (where "name" refers - to the name of the container that triggered the event) or if no - container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some - well-defined way of referencing a part of an object.' - type: str - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - namespace: - description: - - Namespace of the referent. - type: str - resource_version: - description: - - Specific resourceVersion to which this reference is made, if any. - type: str - uid: - description: - - UID of the referent. - type: str - user_names: - description: - - UserNames holds all the usernames directly bound to the role. This - field should only be specified when supporting legacy clients and - servers. See Subjects for further details. 
- type: list - contains: str -''' - - -def main(): - try: - module = OpenShiftAnsibleModule('cluster_policy_binding', 'V1') - except OpenShiftAnsibleException as exc: - # The helper failed to init, so there is no module object. All we can do is raise the error. - raise Exception(exc.message) - - try: - module.execute_module() - except OpenShiftAnsibleException as exc: - module.fail_json(msg="Module failed!", error=str(exc)) - - -if __name__ == '__main__': - main() diff --git a/library/openshift_v1_cluster_policy_binding_list.py b/library/openshift_v1_cluster_policy_binding_list.py deleted file mode 100644 index c158ec12..00000000 --- a/library/openshift_v1_cluster_policy_binding_list.py +++ /dev/null 
@@ -1,680 +0,0 @@ -#!/usr/bin/env python - -from ansible.module_utils.openshift_common import OpenShiftAnsibleModule, OpenShiftAnsibleException - -DOCUMENTATION = ''' -module: openshift_v1_cluster_policy_binding_list -short_description: OpenShift ClusterPolicyBindingList -description: -- Retrieve a list of cluster_policy_bindings. List operations provide a snapshot read - of the underlying objects, returning a resource_version representing a consistent - version of the listed objects. -version_added: 2.3.0 -author: OpenShift (@openshift) -options: - api_key: - description: - - Token used to connect to the API. - cert_file: - description: - - Path to a certificate used to authenticate with the API. - type: path - context: - description: - - The name of a context found in the Kubernetes config file. - debug: - description: - - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log - default: false - type: bool - force: - description: - - If set to C(True), and I(state) is C(present), an existing object will updated, - and lists will be replaced, rather than merged. - default: false - type: bool - host: - description: - - Provide a URL for acessing the Kubernetes API. - key_file: - description: - - Path to a key file used to authenticate with the API. - type: path - kubeconfig: - description: - - Path to an existing Kubernetes config file. If not provided, and no other connection - options are provided, the openshift client will attempt to load the default - configuration file from I(~/.kube/config.json). - type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. - password: - description: - - Provide a password for connecting to the API. Use in conjunction with I(username). 
- resource_definition: - description: - - Provide the YAML definition for the object, bypassing any modules parameters - intended to define object attributes. - type: dict - src: - description: - - Provide a path to a file containing the YAML definition of the object. Mutually - exclusive with I(resource_definition). - type: path - ssl_ca_cert: - description: - - Path to a CA certificate used to authenticate with the API. - type: path - state: - description: - - Determines if an object should be created, patched, or deleted. When set to - C(present), the object will be created, if it does not exist, or patched, if - parameter values differ from the existing object's attributes, and deleted, - if set to C(absent). A patch operation results in merging lists and updating - dictionaries, with lists being merged into a unique set of values. If a list - contains a dictionary with a I(name) or I(type) attribute, a strategic merge - is performed, where individual elements with a matching I(name_) or I(type) - are merged. To force the replacement of lists, set the I(force) option to C(True). - default: present - choices: - - present - - absent - username: - description: - - Provide a username for connecting to the API. - verify_ssl: - description: - - Whether or not to verify the API server's SSL certificates. - type: bool -requirements: -- openshift == 1.0.0-snapshot -''' - -EXAMPLES = ''' -''' - -RETURN = ''' -api_version: - type: string - description: Requested API version -cluster_policy_binding_list: - type: complex - returned: when I(state) = C(present) - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- type: str - items: - description: - - Items is a list of ClusterPolicyBindings - type: list - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, - and may reject unrecognized values. - type: str - kind: - description: - - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. In CamelCase. - type: str - last_modified: - description: - - LastModified is the last time that any part of the ClusterPolicyBinding - was created, updated, or deleted - type: complex - contains: {} - metadata: - description: - - Standard object's metadata. - type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource - that may be set by external tools to store and retrieve arbitrary - metadata. They are not queryable and should be preserved when modifying - objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This is used - to distinguish resources with same name and namespace in different - clusters. This field is not set anywhere right now and apiserver is - going to ignore it if set in create or update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. - It is represented in RFC3339 form and is in UTC. Populated by the - system. Read-only. Null for lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate - before it will be removed from the system. 
Only set when deletionTimestamp - is also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this resource - will be deleted. This field is set by the server when a graceful deletion - is requested by the user, and is not directly settable by a client. - The resource is expected to be deleted (no longer visible from resource - lists, and not reachable by name) after the time in this field. Once - set, this value may not be unset or be set further into the future, - although it may be shortened or the resource may be deleted prior - to this time. For example, a user may request that a pod is deleted - in 30 seconds. The Kubelet will react by sending a graceful termination - signal to the containers in the pod. After that 30 seconds, the Kubelet - will send a hard termination signal (SIGKILL) to the container and - after cleanup, remove the pod from the API. In the presence of network - partitions, this object may still exist after this timestamp, until - an administrator or automated process can determine the resource is - fully terminated. If not set, graceful deletion of the object has - not been requested. Populated by the system when a graceful deletion - is requested. Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. Each - entry is an identifier for the responsible component that will remove - the entry from the list. If the deletionTimestamp of the object is - non-nil, entries in this list can only be removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to generate - a unique name ONLY IF the Name field has not been provided. If this - field is used, the name returned to the client will be different than - the name passed. This value will also be combined with a unique suffix. 
- The provided value has the same validation rules as the Name field, - and may be truncated by the length of the suffix required to make - the value unique on the server. If this field is specified and the - generated name exists, the server will NOT return a 409 - instead, - it will either return 201 Created or 500 with Reason ServerTimeout - indicating a unique name could not be found in the time allotted, - and the client should retry (optionally after the time indicated in - the Retry-After header). Applied only if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the desired - state. Populated by the system. Read-only. - type: int - labels: - description: - - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating - resources, although some resources may allow a client to request the - generation of an appropriate name automatically. Name is primarily - intended for creation idempotence and configuration definition. Cannot - be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. An empty - namespace is equivalent to the "default" namespace, but "default" - is the canonical representation. Not all objects are required to be - scoped to a namespace - the value of this field for those objects - will be empty. Must be a DNS_LABEL. Cannot be updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in the list - have been deleted, this object will be garbage collected. If this - object is managed by a controller, then an entry in this list will - point to this controller, with the controller field set to true. 
There - cannot be more than one managing controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this object - that can be used by clients to determine when objects have changed. - May be used for optimistic concurrency, change detection, and the - watch operation on a resource or set of resources. Clients must treat - these values as opaque and passed unmodified back to the server. They - may only be valid for a particular resource or set of resources. Populated - by the system. Read-only. Value must be treated as opaque by clients - and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. - Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. It is typically - generated by the server on successful creation of a resource and is - not allowed to change on PUT operations. Populated by the system. - Read-only. - type: str - policy_ref: - description: - - PolicyRef is a reference to the ClusterPolicy that contains all the ClusterRoles - that this ClusterPolicyBinding's RoleBindings may reference - type: complex - contains: - api_version: - description: - - API version of the referent. - type: str - field_path: - description: - - 'If referring to a piece of an object instead of an entire object, - this string should contain a valid JSON/Go field access statement, - such as desiredState.manifest.containers[2]. 
For example, if the object - reference is to a container within a pod, this would take on a value - like: "spec.containers{name}" (where "name" refers to the name of - the container that triggered the event) or if no container name is - specified "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way of referencing - a part of an object.' - type: str - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - namespace: - description: - - Namespace of the referent. - type: str - resource_version: - description: - - Specific resourceVersion to which this reference is made, if any. - type: str - uid: - description: - - UID of the referent. - type: str - role_bindings: - description: - - RoleBindings holds all the ClusterRoleBindings held by this ClusterPolicyBinding, - mapped by ClusterRoleBinding.Name - type: list - contains: - name: - description: - - Name is the name of the cluster role binding - type: str - role_binding: - description: - - RoleBinding is the cluster role binding being named - type: complex - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the - latest internal value, and may reject unrecognized values. - type: str - group_names: - description: - - GroupNames holds all the groups directly bound to the role. This - field should only be specified when supporting legacy clients - and servers. See Subjects for further details. - type: list - contains: str - kind: - description: - - Kind is a string value representing the REST resource this object - represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. - type: str - metadata: - description: - - Standard object's metadata. 
- type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a - resource that may be set by external tools to store and retrieve - arbitrary metadata. They are not queryable and should be preserved - when modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This - is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right - now and apiserver is going to ignore it if set in create or - update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set - in happens-before order across separate operations. Clients - may not set this value. It is represented in RFC3339 form - and is in UTC. Populated by the system. Read-only. Null for - lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate - before it will be removed from the system. Only set when deletionTimestamp - is also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this - resource will be deleted. This field is set by the server - when a graceful deletion is requested by the user, and is - not directly settable by a client. The resource is expected - to be deleted (no longer visible from resource lists, and - not reachable by name) after the time in this field. Once - set, this value may not be unset or be set further into the - future, although it may be shortened or the resource may be - deleted prior to this time. For example, a user may request - that a pod is deleted in 30 seconds. 
The Kubelet will react - by sending a graceful termination signal to the containers - in the pod. After that 30 seconds, the Kubelet will send a - hard termination signal (SIGKILL) to the container and after - cleanup, remove the pod from the API. In the presence of network - partitions, this object may still exist after this timestamp, - until an administrator or automated process can determine - the resource is fully terminated. If not set, graceful deletion - of the object has not been requested. Populated by the system - when a graceful deletion is requested. Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. - Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be - removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to - generate a unique name ONLY IF the Name field has not been - provided. If this field is used, the name returned to the - client will be different than the name passed. This value - will also be combined with a unique suffix. The provided value - has the same validation rules as the Name field, and may be - truncated by the length of the suffix required to make the - value unique on the server. If this field is specified and - the generated name exists, the server will NOT return a 409 - - instead, it will either return 201 Created or 500 with Reason - ServerTimeout indicating a unique name could not be found - in the time allotted, and the client should retry (optionally - after the time indicated in the Retry-After header). Applied - only if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the - desired state. Populated by the system. Read-only. 
- type: int - labels: - description: - - Map of string keys and values that can be used to organize - and categorize (scope and select) objects. May match selectors - of replication controllers and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating - resources, although some resources may allow a client to request - the generation of an appropriate name automatically. Name - is primarily intended for creation idempotence and configuration - definition. Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. - An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this - field for those objects will be empty. Must be a DNS_LABEL. - Cannot be updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in - the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in - this list will point to this controller, with the controller - field set to true. There cannot be more than one managing - controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this - object that can be used by clients to determine when objects - have changed. 
May be used for optimistic concurrency, change - detection, and the watch operation on a resource or set of - resources. Clients must treat these values as opaque and passed - unmodified back to the server. They may only be valid for - a particular resource or set of resources. Populated by the - system. Read-only. Value must be treated as opaque by clients - and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the - system. Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. - It is typically generated by the server on successful creation - of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. - type: str - role_ref: - description: - - RoleRef can only reference the current namespace and the global - namespace. If the ClusterRoleRef cannot be resolved, the Authorizer - must return an error. Since Policy is a singleton, this is sufficient - knowledge to locate a role. - type: complex - contains: - api_version: - description: - - API version of the referent. - type: str - field_path: - description: - - 'If referring to a piece of an object instead of an entire - object, this string should contain a valid JSON/Go field access - statement, such as desiredState.manifest.containers[2]. For - example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object.' - type: str - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - namespace: - description: - - Namespace of the referent. 
- type: str - resource_version: - description: - - Specific resourceVersion to which this reference is made, - if any. - type: str - uid: - description: - - UID of the referent. - type: str - subjects: - description: - - Subjects hold object references to authorize with this rule. This - field is ignored if UserNames or GroupNames are specified to support - legacy clients and servers. Thus newer clients that do not need - to support backwards compatibility should send only fully qualified - Subjects and should omit the UserNames and GroupNames fields. - Clients that need to support backwards compatibility can use this - field to build the UserNames and GroupNames. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - field_path: - description: - - 'If referring to a piece of an object instead of an entire - object, this string should contain a valid JSON/Go field access - statement, such as desiredState.manifest.containers[2]. For - example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object.' - type: str - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - namespace: - description: - - Namespace of the referent. - type: str - resource_version: - description: - - Specific resourceVersion to which this reference is made, - if any. - type: str - uid: - description: - - UID of the referent. - type: str - user_names: - description: - - UserNames holds all the usernames directly bound to the role. - This field should only be specified when supporting legacy clients - and servers. See Subjects for further details. 
- type: list - contains: str - kind: - description: - - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. - type: str - metadata: - description: - - Standard object's metadata. - type: complex - contains: - resource_version: - description: - - String that identifies the server's internal version of this object that - can be used by clients to determine when objects have changed. Value must - be treated as opaque by clients and passed unmodified back to the server. - Populated by the system. Read-only. - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. Read-only. - type: str -''' - - -def main(): - try: - module = OpenShiftAnsibleModule('cluster_policy_binding_list', 'V1') - except OpenShiftAnsibleException as exc: - # The helper failed to init, so there is no module object. All we can do is raise the error. - raise Exception(exc.message) - - try: - module.execute_module() - except OpenShiftAnsibleException as exc: - module.fail_json(msg="Module failed!", error=str(exc)) - - -if __name__ == '__main__': - main() diff --git a/library/openshift_v1_cluster_resource_quota.py b/library/openshift_v1_cluster_resource_quota.py index e0653e49..6bbd3a36 100644 --- a/library/openshift_v1_cluster_resource_quota.py +++ b/library/openshift_v1_cluster_resource_quota.py @@ -142,7 +142,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
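Review bot: The `requirements` change at the end of this hunk swaps `openshift == 1.0.0-snapshot` for `openshift == 0.3.1`, an exact pin whose number is lower than the one it replaces, so a reader of the module docs cannot tell whether this is an upgrade or a rollback of the client. State in the commit message or changelog how 0.3.1 relates to the 1.0.0-snapshot build, and consider documenting a minimum version rather than an `==` pin, since an exact pin means users cannot take later client fixes until the module docs are updated again.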
@@ -249,6 +249,150 @@ cluster_resource_quota: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -284,6 +428,14 @@ cluster_resource_quota: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -334,7 +486,7 @@ cluster_resource_quota: description: - Hard is the set of desired hard limits for each named resource. type: complex - contains: str, ResourceQuantity + contains: str, str scopes: description: - A collection of filters that must match each object tracked by a quota. @@ -416,13 +568,13 @@ cluster_resource_quota: description: - Hard is the set of enforced hard limits for each named resource. type: complex - contains: str, ResourceQuantity + contains: str, str used: description: - Used is the current observed total usage of the resource in the namespace. type: complex - contains: str, ResourceQuantity + contains: str, str total: description: - Total defines the actual enforced quota and its current usage across all @@ -433,12 +585,12 @@ cluster_resource_quota: description: - Hard is the set of enforced hard limits for each named resource. type: complex - contains: str, ResourceQuantity + contains: str, str used: description: - Used is the current observed total usage of the resource in the namespace. type: complex - contains: str, ResourceQuantity + contains: str, str ''' diff --git a/library/openshift_v1_cluster_resource_quota_list.py b/library/openshift_v1_cluster_resource_quota_list.py index 9fd790c2..eb2665ca 100644 --- a/library/openshift_v1_cluster_resource_quota_list.py +++ b/library/openshift_v1_cluster_resource_quota_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). 
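Review bot: Removing the `namespace` option from openshift_v1_cluster_resource_quota_list in this hunk is a user-visible interface change with no note explaining it. If the module's argument spec drops the option as well, existing tasks that still pass `namespace` will stop working. If the reason is that the resource is cluster-scoped, say so in the commit message and list the removed option in the changelog so users know to delete it from their playbooks.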
@@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
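Review bot: the `requirements` line now pins `openshift == 0.3.1`, which is numerically lower than the `1.0.0-snapshot` it replaces, and the pin is exact. Please say in the commit message whether this is a renumbering of the client or an actual downgrade, and confirm that 0.3.1 is the release that matches the `kubernetes == 3.0.0` pin changed earlier in this patch. With `==`, anyone installing from these docs stays on 0.3.1 even after fixed client releases appear, so also state whether a lower bound such as `>= 0.3.1` would be acceptable for the generated modules.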
@@ -210,6 +206,153 @@ cluster_resource_quota_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ cluster_resource_quota_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -299,7 +450,7 @@ cluster_resource_quota_list: description: - Hard is the set of desired hard limits for each named resource. type: complex - contains: str, ResourceQuantity + contains: str, str scopes: description: - A collection of filters that must match each object tracked by @@ -383,13 +534,13 @@ cluster_resource_quota_list: description: - Hard is the set of enforced hard limits for each named resource. type: complex - contains: str, ResourceQuantity + contains: str, str used: description: - Used is the current observed total usage of the resource in the namespace. type: complex - contains: str, ResourceQuantity + contains: str, str total: description: - Total defines the actual enforced quota and its current usage across @@ -400,13 +551,13 @@ cluster_resource_quota_list: description: - Hard is the set of enforced hard limits for each named resource. type: complex - contains: str, ResourceQuantity + contains: str, str used: description: - Used is the current observed total usage of the resource in the namespace. type: complex - contains: str, ResourceQuantity + contains: str, str kind: description: - Kind is a string value representing the REST resource this object represents. diff --git a/library/openshift_v1_cluster_role.py b/library/openshift_v1_cluster_role.py index 588fe7ef..44e3f0b5 100644 --- a/library/openshift_v1_cluster_role.py +++ b/library/openshift_v1_cluster_role.py @@ -111,7 +111,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -218,6 +218,150 @@ cluster_role: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -253,6 +397,14 @@ cluster_role: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_cluster_role_binding.py b/library/openshift_v1_cluster_role_binding.py index 3a4a114c..215f5be7 100644 --- a/library/openshift_v1_cluster_role_binding.py +++ b/library/openshift_v1_cluster_role_binding.py 
@@ -169,7 +169,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -283,6 +283,150 @@ cluster_role_binding: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -318,6 +462,14 @@ cluster_role_binding: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_cluster_role_binding_list.py b/library/openshift_v1_cluster_role_binding_list.py index 79c75b4b..03157f82 100644 --- a/library/openshift_v1_cluster_role_binding_list.py +++ b/library/openshift_v1_cluster_role_binding_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -217,6 +213,153 @@ cluster_role_binding_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -253,6 +396,14 @@ cluster_role_binding_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_cluster_role_list.py b/library/openshift_v1_cluster_role_list.py index 927b94c6..760f18e2 100644 --- a/library/openshift_v1_cluster_role_list.py +++ b/library/openshift_v1_cluster_role_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -210,6 +206,153 @@ cluster_role_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ cluster_role_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_deployment_config.py b/library/openshift_v1_deployment_config.py index 087878db..f7411357 100644 --- a/library/openshift_v1_deployment_config.py +++ b/library/openshift_v1_deployment_config.py 
@@ -102,7 +102,8 @@ options: description: - RevisionHistoryLimit is the number of old ReplicationControllers to retain to allow for rollbacks. This field is a pointer to allow for differentiation between - an explicit zero and not specified. + an explicit zero and not specified. Defaults to 10. (This only applies to DeploymentConfigs + created via the new group API resource, not the legacy resource.) aliases: - revision_history_limit type: int @@ -171,8 +172,8 @@ options: description: - Type is the name of a deployment strategy. choices: - - Rolling - Custom + - Rolling - Recreate aliases: - strategy_type 
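Review bot: in the choices list for the strategy type option, the order changes from Rolling, Custom, Recreate to Custom, Rolling, Recreate, which is neither the previous order nor alphabetical. If the list comes from iterating an unordered collection in the documentation generator, sort the choices before emitting them, so that regenerating the module does not produce order-only hunks that bury the real changes in a patch of this size.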
@@ -207,6 +208,98 @@ options: aliases: - active_deadline_seconds type: int + spec_template_spec_affinity_node_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_node_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms: + description: + - Required. A list of node selector terms. The terms are ORed. + aliases: + - affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms + type: list + spec_template_spec_affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. 
+ aliases: + - affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' + aliases: + - affinity_pod_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the anti-affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' 
+ aliases: + - affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account token should + be automatically mounted. + aliases: + - automount_service_account_token + type: bool spec_template_spec_containers: description: - List of containers belonging to the pod. Containers cannot currently be added @@ -216,10 +309,18 @@ options: type: list spec_template_spec_dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' or 'Default'. - Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have DNS options + set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. aliases: - dns_policy + spec_template_spec_host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be injected into + the pod's hosts file if specified. This is only valid for non-hostNetwork pods. + aliases: + - host_aliases + type: list spec_template_spec_host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
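Review bot: spec_template_spec_dns_policy now lists three accepted values in its description ('ClusterFirstWithHostNet', 'ClusterFirst', 'Default') but still has no choices list, unlike the strategy type option earlier in this file, so a misspelled policy is only rejected by the API server. Add choices for the three values. In the same hunk, spec_template_spec_host_aliases is described as only valid for non-hostNetwork pods; a cross-reference from the host network option would make that conflict visible to someone setting both.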
@@ -255,6 +356,21 @@ options: aliases: - image_pull_secrets type: list + spec_template_spec_init_containers: + description: + - List of initialization containers belonging to the pod. Init containers are + executed in order prior to containers being started. If any init container fails, + the pod is considered to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be unique among all + containers. Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container are taken + into account during scheduling by finding the highest request/limit for each + resource type, and then using the max of of that value or the sum of the normal + containers. Limits are applied to init containers in a similar fashion. Init + containers cannot currently be added or removed. Cannot be updated. + aliases: + - init_containers + type: list spec_template_spec_node_name: description: - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, @@ -276,6 +392,12 @@ options: Never. Default to Always. aliases: - restart_policy + spec_template_spec_scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. If not specified, + the pod will be dispatched by default scheduler. + aliases: + - scheduler_name spec_template_spec_security_context_fs_group: description: - "A special supplemental group that applies to all containers in a pod. Some\ @@ -364,6 +486,12 @@ options: aliases: - termination_grace_period_seconds type: int + spec_template_spec_tolerations: + description: + - If specified, the pod's tolerations. + aliases: + - tolerations + type: list spec_template_spec_volumes: description: - List of volumes that can be mounted by containers belonging to the pod. 
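Review bot: spec_template_spec_tolerations is documented only as "If specified, the pod's tolerations." with type list, which does not tell a user what each list item has to contain. Either describe the keys of one item in the description or point to the returned tolerations documentation for the structure, as the other list-valued options added in this patch (init containers, host aliases) at least explain what the list holds.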
@@ -420,7 +548,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
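Review bot: the requirements line changes from openshift == 1.0.0-snapshot to openshift == 0.3.1, an exact pin whose version number moves backwards, and nothing in the hunk explains the renumbering. Say in the commit message which client release this corresponds to, and check whether the module verifies the installed client version when it loads. As written the pin is documentation only, so a host with a different client installed would run the module against return structures (initializers, block_owner_deletion, affinity) that this file documents but that the installed client may not match.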
@@ -606,6 +734,150 @@ deployment_config: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -641,6 +913,14 @@ deployment_config: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
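Review bot: in the initializers block added to the returned metadata (hunk @@ -606,6 +734,150 @@), the description states that an uninitialized object is "hidden (in list/watch and get calls) from clients that haven't explicitly asked to observe uninitialized objects". That bears on how the module decides whether an object already exists: a get issued while initializers are still pending would report the object as absent. Please confirm how the module handles that window, and document whether a task can return an object whose pending list is non-empty or whose result is a Failure status.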
@@ -703,7 +983,9 @@ deployment_config: description: - RevisionHistoryLimit is the number of old ReplicationControllers to retain to allow for rollbacks. This field is a pointer to allow for differentiation - between an explicit zero and not specified. + between an explicit zero and not specified. Defaults to 10. (This only + applies to DeploymentConfigs created via the new group API resource, not + the legacy resource.) type: int selector: description: @@ -751,7 +1033,7 @@ deployment_config: description: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources required. @@ -759,7 +1041,7 @@ deployment_config: if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str rolling_params: description: Deployment strategy parameters when I(type) is Rolling. type: complex 
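Review bot: for limits and requests, "contains: str, ResourceQuantity" becomes "contains: str, str", which drops the only hint that the map values are resource quantities rather than free-form strings. If the type name has to go because the client no longer exposes it, add a phrase to the two descriptions saying the values are quantity strings, so the return documentation stays as informative as it was before the change.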
@@ -860,6 +1142,158 @@ deployment_config: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -897,6 +1331,14 @@ deployment_config: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -948,6 +1390,493 @@ deployment_config: it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. 
+ type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to an update), the system may or may + not try to eventually evict the pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. 
The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is + the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. 
+ type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. 
For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system will try to eventually evict the pod + from its node. When there are multiple elements, the lists + of nodes corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot currently @@ -1019,11 +1948,17 @@ deployment_config: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -1052,8 +1987,7 @@ deployment_config: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -1072,6 +2006,53 @@ deployment_config: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -1148,8 +2129,7 @@ deployment_config: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
@@ -1161,13 +2141,17 @@ deployment_config: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is terminated. @@ -1230,8 +2214,7 @@ deployment_config: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1243,13 +2226,17 @@ deployment_config: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be restarted @@ -1313,8 +2300,7 @@ deployment_config: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
@@ -1342,13 +2328,17 @@ deployment_config: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -1460,8 +2450,7 @@ deployment_config: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1489,13 +2478,17 @@ deployment_config: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -1511,7 +2504,7 @@ deployment_config: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -1519,10 +2512,10 @@ deployment_config: to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
@@ -1623,7 +2616,20 @@ deployment_config: \ termination message will be written is mounted into the\ \ container's filesystem. Message written is intended to be\ \ brief final status, such as an assertion failure message.\ - \ Defaults to /dev/termination-log. Cannot be updated." + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: str tty: description: @@ -1663,9 +2669,27 @@ deployment_config: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have + DNS options set along with hostNetwork, you have to specify DNS + policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be + injected into the pod's hosts file if specified. This is only + valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
@@ -1698,6 +2722,805 @@ deployment_config: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init containers + are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and + is handled according to its restartPolicy. The name for an init + container or normal container must be unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container + are taken into account during scheduling by finding the highest + request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are + applied to init containers in a similar fashion. Init containers + cannot currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is used\ + \ if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a variable\ + \ cannot be resolved, the reference in the input string will\ + \ be unchanged. The $(VAR_NAME) syntax can be escaped with\ + \ a double $$, ie: $$(VAR_NAME). Escaped references will never\ + \ be expanded, regardless of whether the variable exists or\ + \ not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided. Variable\ + \ references $(VAR_NAME) are expanded using the container's\ + \ environment. If a variable cannot be resolved, the reference\ + \ in the input string will be unchanged. The $(VAR_NAME) syntax\ + \ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. 
Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. Cannot + be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using the + previous defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot be + used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API + version. + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must be + a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. 
Defaults + to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container is created. + If the handler fails, the container is terminated and + restarted according to its restart policy. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is terminated. + The container is terminated after the handler completes. + The reason for termination is passed to the handler. Regardless + of the outcome of the handler, the container is eventually + terminated. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be restarted + if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be updated. 
+ type: str + ports: + description: + - List of ports to expose from the container. Exposing a port + here gives the system additional information about the network + connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from + being exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible from + the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. This + must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, this + must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have a unique + name. Name for the port that can be referred to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container will + be removed from service endpoints if the probe fails. Cannot + be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. 
Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. 
Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to + an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. + Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. + type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, + no such validation will be performed. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. If + unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the container. + type: str + role: + description: + - Role is a SELinux role label that applies to the container. + type: str + type: + description: + - Type is a SELinux type label that applies to the container. + type: str + user: + description: + - User is a SELinux user label that applies to the container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from stdin + in the container will always result in EOF. Default is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. When stdin is + true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client attaches + to stdin, and then remains open and accepts data until the + client disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag is false, + a container processes that reads from stdin will never receive + an EOF. 
Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into the\ + \ container's filesystem. Message written is intended to be\ + \ brief final status, such as an assertion failure message.\ + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, also + requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. Cannot + be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should be + mounted. Must not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's volume + should be mounted. Defaults to "" (volume's root). + type: str + working_dir: + description: + - Container's working directory. 
If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific node. @@ -1716,6 +3539,11 @@ deployment_config: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
@@ -1812,6 +3640,46 @@ deployment_config: longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means match + all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. Valid + operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it is not set, which + means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by + the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If the + operator is Exists, the value should be empty, otherwise just + a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging to 
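Review bot: In the `key` description of the new `tolerations` block, the wildcard case (empty `key` with `operator` Exists, "this combination means to match all values and all keys") is stated only as a validity rule, so nothing tells a playbook author that such an entry makes the pod tolerate every taint. Suggest saying that outright in the `key` or `operator` description. The `toleration_seconds` text would also be easier to read if it said up front that the field only applies to the NoExecute effect, instead of inside a parenthesis.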
@@ -1875,6 +3743,13 @@ deployment_config: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed availability + set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will force @@ -1984,9 +3859,9 @@ deployment_config: the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in - the ConfigMap, the volume setup will error. Paths must - be relative and may not contain the '..' path or start - with '..'. + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. type: list contains: key: @@ -2012,6 +3887,10 @@ deployment_config: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that should @@ -2080,8 +3959,7 @@ deployment_config: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -2098,6 +3976,15 @@ deployment_config: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified here and + the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached to @@ -2272,6 +4159,14 @@ deployment_config: a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -2292,11 +4187,27 @@ deployment_config: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or + ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port 
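Review bot: The new iSCSI `secret_ref` is documented only as "CHAP secret for iSCSI target and initiator authentication" and does not say how it relates to `chap_auth_discovery` and `chap_auth_session` added in the preceding hunk, in particular whether it must be set when either flag is true. Suggest stating that dependency in one of the three descriptions. The `portals` description likewise repeats the `target_portal` wording without saying how the list relates to `target_portal`.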
@@ -2358,6 +4269,209 @@ deployment_config: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted + on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and downward + API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must be + a value between 0 and 0777. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must + be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only + annotations, labels, name and namespace are + supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not be absolute\ + \ or contain the '..' path. Must be utf-8\ + \ encoded. 
The first item of the relative\ + \ path must not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only + resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the Secret, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must be + defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
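Review bot: `default_mode` and every per-item `mode` in the new `projected` block are documented as "a value between 0 and 0777" with `type: int`, which leaves it unclear whether a playbook is expected to supply the number in octal or decimal notation. Suggest adding an example value to the `default_mode` description. The `optional` descriptions in this hunk also disagree with each other: the `config_map` one reads "it's keys" and the `secret` one reads "its key"; both should read "its keys".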
@@ -2440,6 +4554,67 @@ deployment_config: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and + mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage + (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and + other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick + or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
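Review bot: `ssl_enabled` in the new `scale_io` block is documented as "default false", while `secret_ref` in the same block holds the ScaleIO user and "other sensitive information" needed for the Login operation against the Gateway. The description should state that the default leaves the Gateway connection without SSL, and should recommend setting `ssl_enabled` to true whenever `secret_ref` is used.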
@@ -2462,8 +4637,9 @@ deployment_config: If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, - the volume setup will error. Paths must be relative and - may not contain the '..' path or start with '..'. + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. type: list contains: key: 
@@ -2485,10 +4661,58 @@ deployment_config: not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the + StorageOS API credentials. If not specified, default values + will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within + StorageOS. If no namespace is specified then the Pod's + namespace will be used. This allows the Kubernetes name + scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and mounted 
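Review bot: In the new `storageos` block, `secret_ref` says "If not specified, default values will be attempted" without naming those defaults, so a reader cannot tell which credentials will be tried against the StorageOS API. Suggest naming the defaults or recommending that `secret_ref` always be set. In the `optional` field at the top of this hunk, "it's keys" should read "its keys".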
@@ -2501,6 +4725,15 @@ deployment_config: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk diff --git a/library/openshift_v1_deployment_config_list.py b/library/openshift_v1_deployment_config_list.py index 1cfa2076..69720ba1 100644 --- a/library/openshift_v1_deployment_config_list.py +++ b/library/openshift_v1_deployment_config_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
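Review bot: The `requirements` line changes from `openshift == 1.0.0-snapshot` to `openshift == 0.3.1`, an exact pin whose number is lower than the one it replaces, and nothing in the hunk explains the renumbering. Suggest a sentence in the commit message or module notes saying that 0.3.1 is the newer client, so a reader does not take it for a downgrade, and confirming that an exact `==` pin is intended over a minimum version.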
@@ -210,6 +206,153 @@ deployment_config_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ deployment_config_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -311,7 +462,9 @@ deployment_config_list: description: - RevisionHistoryLimit is the number of old ReplicationControllers to retain to allow for rollbacks. This field is a pointer to allow for - differentiation between an explicit zero and not specified. + differentiation between an explicit zero and not specified. Defaults + to 10. (This only applies to DeploymentConfigs created via the new + group API resource, not the legacy resource.) type: int selector: description: @@ -360,7 +513,7 @@ deployment_config_list: description: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -368,7 +521,7 @@ deployment_config_list: to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str rolling_params: description: Deployment strategy parameters when I(type) is Rolling. type: complex 
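Review bot: Replacing `contains: str, ResourceQuantity` with `contains: str, str` for `limits` and `requests` drops the only hint that the map values are resource quantities and not free-form strings. Suggest having the `limits` and `requests` descriptions name the expected value format, since the type line no longer does.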
@@ -474,6 +627,162 @@ deployment_config_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system + invariant at object creation time. This field is a list of + initializers that have not yet acted on this object. If nil + or empty, this object has been completely initialized. Otherwise, + the object is considered uninitialized and is hidden (in list/watch + and get calls) from clients that haven't explicitly asked + to observe uninitialized objects. When an object is created, + the system will populate this list with the current set of + initializers. Only privileged users may set or modify this + list. Once it is empty, it may not be modified further by + any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in + order before this object is visible. When the last pending + initializer is removed, and no failing result is set, + the initializers struct will be set to nil and the object + is considered as initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will + be persisted to storage and then deleted, ensuring that + other clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not + set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is + optional and the data returned is not guaranteed to + conform to any schema except that defined by the reason + type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused + this error, as named by its JSON serialization. + May include dot and postfix notation for nested + attributes. Arrays are zero-indexed. Fields + may appear more than once in an array of causes + due to fields having multiple errors. Optional. + Examples: "name" - the field "name" on the + current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause + of the error. This field may be presented + as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause + of the error. If this value is empty there + is no information available. + type: str + group: + description: + - The group attribute of the resource associated + with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated + with the status StatusReason. On some operations + may differ from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated + with the status StatusReason (when there is a + single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from + the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this + operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to + determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified + back to the server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation + is in the "Failure" status. If this value is empty + there is no information available. A Reason clarifies + an HTTP status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize @@ -512,6 +821,15 @@ deployment_config_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. Defaults to false. + To set this field, a user needs "delete" permission of + the owner, otherwise 422 (Unprocessable Entity) will be + returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -564,6 +882,510 @@ deployment_config_list: try to mark it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by + this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies + to. + type: str + operator: + description: + - Represents a key's relationship to a set + of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must + be non-empty. If the operator is Exists + or DoesNotExist, the values array must + be empty. If the operator is Gt or Lt, + the values array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. 
+ type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the + system may or may not try to eventually evict the + pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies + to. + type: str + operator: + description: + - Represents a key's relationship to a set + of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must + be non-empty. If the operator is Exists + or DoesNotExist, the values array must + be empty. If the operator is Gt or Lt, + the values array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by + this field, but it may choose a node that violates + one or more of the expressions. 
The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) with the + highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with + the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in + this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the + labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + For PreferredDuringScheduling pod anti-affinity, + empty topologyKey is interpreted as "all topologies" + ("all topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not + allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it + is implemented. If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system will try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must + be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some + other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by + iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches + the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. 
A pod affinity term, associated with + the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in + this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the + labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. 
+ For PreferredDuringScheduling pod anti-affinity, + empty topologyKey is interpreted as "all topologies" + ("all topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not + allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it + is implemented. If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this + field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system will + try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this + field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot @@ -637,11 +1459,17 @@ deployment_config_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key + must be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -671,8 +1499,7 @@ deployment_config_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
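Review bot: in the @@ -564,6 +882,510 @@ hunk, the required_during_scheduling_ignored_during_execution descriptions under both pod_affinity and pod_anti_affinity open with "NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented." and embed a Go declaration (RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm with its json tag). That text reads as a source comment for a different, commented-out field that has been merged into the description of this one. As a result the same description says the system "will try to eventually evict the pod" and, a few sentences later, "may or may not try to eventually evict the pod", so a reader cannot tell which guarantee applies. Suggest cutting each description down to its second paragraph, the one that starts "If the affinity requirements specified by this field are not met at scheduling time" and ends with "may or may not try". Smaller points in the same hunk: "Valid operators ard In" should read "are" (four occurrences), "DoesNotExist. Gt, and Lt." should use a comma (two occurrences), and automount_service_account_token does not say what happens when the field is left unset, which is worth stating for a setting that controls whether a credential is mounted into the pod.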
@@ -691,6 +1518,53 @@ deployment_config_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must + be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the + container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an + event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the + ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -769,8 +1643,7 @@ deployment_config_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. 
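Review bot: in the @@ -691,6 +1518,53 @@ hunk, none of the new optional fields (secret_key_ref, env_from.config_map_ref, env_from.secret_ref) says what the default is or what happens when the referenced ConfigMap or Secret is missing, so "Specify whether the Secret must be defined" leaves the failure behaviour to guesswork. Suggest adding the default and the outcome for a missing referent to each description. The env_from description also gives two precedence rules in consecutive sentences ("the last source will take precedence" and "Values defined by an Env with a duplicate key will take precedence"); saying explicitly that env entries win over env_from entries would remove the ambiguity. Typos: "it's key" should be "its key", and "identifer" should be "identifier".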
@@ -782,13 +1655,17 @@ deployment_config_list: port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is @@ -852,8 +1729,7 @@ deployment_config_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. @@ -865,13 +1741,17 @@ deployment_config_list: port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be @@ -936,8 +1816,7 @@ deployment_config_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
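Review bot: the http_get port in the @@ -936,8 +1816,7 @@ hunk changes from "type: complex / contains: {}" to "type: str", but the description still reads "Name or number of the port ... Number must be in the range 1 to 65535", so the documented type no longer covers the numeric case it describes. Suggest stating in the description how a numeric port is represented under the str type (for example as the string form of the number), and doing the same for the other port fields that receive the identical complex to str change elsewhere in this patch, so that callers comparing or validating port values know which form to expect.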
@@ -965,13 +1844,17 @@ deployment_config_list: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. @@ -1087,8 +1970,7 @@ deployment_config_list: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1116,13 +1998,17 @@ deployment_config_list: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. @@ -1139,7 +2025,7 @@ deployment_config_list: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -1147,10 +2033,10 @@ deployment_config_list: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
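Review bot: the new security_context description in the @@ -1147,10 +2033,10 @@ hunk ends with a dangling "More info:" and no target, which looks like a link that was dropped on the way into this file. Either restore the reference or revert to the previous wording, "Security options the pod should run with." In the same hunk, requests moves from "contains: str, ResourceQuantity" to "contains: str, str" (as limits does in the hunk before it) with no word in the description about the expected quantity format; a short note on the string format would help now that the type name no longer carries that information.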
@@ -1256,8 +2142,21 @@ deployment_config_list: \ termination message will be written is mounted into\ \ the container's filesystem. Message written is intended\ \ to be brief final status, such as an assertion failure\ - \ message. Defaults to /dev/termination-log. Cannot be\ - \ updated." + \ message. Will be truncated by the node if greater than\ + \ 4096 bytes. The total message length across all containers\ + \ will be limited to 12kb. Defaults to /dev/termination-log.\ + \ Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to + populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. type: str tty: description: @@ -1298,9 +2197,27 @@ deployment_config_list: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To + have DNS options set along with hostNetwork, you have to specify + DNS policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will + be injected into the pod's hosts file if specified. This is + only valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
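Review bot: under host_aliases in the @@ -1298,9 +2197,27 @@ hunk, the hostnames description says "Hostnames for the above IP address", but ip is listed after hostnames here, so "above" points at nothing. Suggest "Hostnames for the IP address given in ip". The host_aliases description also says the field "is only valid for non-hostNetwork pods" without saying whether it is rejected or ignored on a hostNetwork pod; since it writes entries into the pod's hosts file, that outcome is worth documenting. In dns_policy, the quoting is mixed between 'ClusterFirst' and "ClusterFirst" within one description; pick one style.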
@@ -1334,6 +2251,825 @@ deployment_config_list: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init + containers are executed in order prior to containers being + started. If any init container fails, the pod is considered + to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be + unique among all containers. Init containers may not have + Lifecycle actions, Readiness probes, or Liveness probes. The + resourceRequirements of an init container are taken into account + during scheduling by finding the highest request/limit for + each resource type, and then using the max of of that value + or the sum of the normal containers. Limits are applied to + init containers in a similar fashion. Init containers cannot + currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is\ + \ used if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a\ + \ variable cannot be resolved, the reference in the input\ + \ string will be unchanged. The $(VAR_NAME) syntax can\ + \ be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided.\ + \ Variable references $(VAR_NAME) are expanded using the\ + \ container's environment. If a variable cannot be resolved,\ + \ the reference in the input string will be unchanged.\ + \ The $(VAR_NAME) syntax can be escaped with a double\ + \ $$, ie: $$(VAR_NAME). 
Escaped references will never\ + \ be expanded, regardless of whether the variable exists\ + \ or not. Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. + Cannot be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using + the previous defined environment variables in the + container and any service environment variables. If + a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot + be used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key + must be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. 
+ type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently + supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must + be a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must + be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the + container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an + event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the + ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container + is created. If the handler fails, the container is + terminated and restarted according to its restart + policy. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run + inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP + allows repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is + terminated. The container is terminated after the + handler completes. The reason for termination is passed + to the handler. Regardless of the outcome of the handler, + the container is eventually terminated. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run + inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP + allows repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be + restarted if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. 
+ type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started + before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be + updated. + type: str + ports: + description: + - List of ports to expose from the container. Exposing a + port here gives the system additional information about + the network connections a container uses, but is primarily + informational. Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which is listening + on the default "0.0.0.0" address inside a container will + be accessible from the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If + HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have + a unique name. Name for the port that can be referred + to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to + "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. + Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. 
+ type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started + before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. 
Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be + updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted + by the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the + host. Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. 
+ type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image + at runtime to ensure that it does not run as UID 0 + (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate + a random SELinux context for each container. May also + be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the + container. + type: str + role: + description: + - Role is a SELinux role label that applies to the + container. + type: str + type: + description: + - Type is a SELinux type label that applies to the + container. + type: str + user: + description: + - User is a SELinux user label that applies to the + container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default + is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. 
When stdin + is true the stdin stream will remain open across multiple + attach sessions. If stdinOnce is set to true, stdin is + opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If + this flag is false, a container processes that reads from + stdin will never receive an EOF. Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into\ + \ the container's filesystem. Message written is intended\ + \ to be brief final status, such as an assertion failure\ + \ message. Will be truncated by the node if greater than\ + \ 4096 bytes. The total message length across all containers\ + \ will be limited to 12kb. Defaults to /dev/termination-log.\ + \ Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to + populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, + also requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should + be mounted. Must not contain ':'. 
+ type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's + root). + type: str + working_dir: + description: + - Container's working directory. If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific @@ -1352,6 +3088,11 @@ deployment_config_list: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
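Review bot: In the container block that closes just before the scheduler_name hunk, the readiness_probe documentation is a verbatim copy of the liveness_probe text. readiness_probe.initial_delay_seconds reads "before liveness probes are initiated" and readiness_probe.success_threshold reads "Must be 1 for liveness", so a reader cannot tell whether either statement applies to readiness. The tcp_socket entries under both probes also say "TCP hooks not yet supported", wording that belongs to the lifecycle hooks, and the security_context description ends in a dangling "More info:" with no link. If these docstrings are generated, the fix belongs in the generator input; otherwise reword them here.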
@@ -1450,6 +3191,46 @@ deployment_config_list: Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means + match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a + pod can tolerate all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If + the operator is Exists, the value should be empty, otherwise + just a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging 
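Review bot: The key and operator descriptions in this tolerations hunk conflict for the empty-key case: key says "If the key is empty, operator must be Exists", while operator says "Defaults to Equal", so a toleration that omits both fields is invalid by the text's own rule and nothing here says so. An empty key with Exists is documented as matching "all values and all keys", and an empty effect as matching all taint effects. The description should therefore state plainly that this combination tolerates every taint on every node, so that playbook authors do not write it by accident.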
@@ -1514,6 +3295,13 @@ deployment_config_list: "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will @@ -1626,8 +3414,9 @@ deployment_config_list: projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will - error. Paths must be relative and may not contain - the '..' path or start with '..'. + error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start + with '..'. type: list contains: key: @@ -1654,6 +3443,11 @@ deployment_config_list: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be + defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that @@ -1724,8 +3518,7 @@ deployment_config_list: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
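Review bot: In the @@ -1514,6 +3295,13 @@ hunk, the new kind description packs the three allowed values into one run-on sentence, misspells "mulitple", and gives the default as "shared" while the value itself is written "Shared". Suggest listing Shared, Dedicated and Managed as separate items and spelling the default exactly as the accepted value, since the field is type str and a reader will copy the casing from here.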
@@ -1742,6 +3535,16 @@ deployment_config_list: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir + would be the minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. The default is nil which means that the + limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached @@ -1919,6 +3722,14 @@ deployment_config_list: to a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -1939,11 +3750,27 @@ deployment_config_list: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an + IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or 
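Review bot: The secret_ref added in the @@ -1939,11 +3750,27 @@ hunk is documented only as "CHAP secret for iSCSI target and initiator authentication" and is not tied to the chap_auth_discovery and chap_auth_session flags introduced in the hunk before it. The docs should say whether secret_ref is required when either flag is true, and what happens when a flag is set without it. The flag descriptions themselves ("whether support iSCSI Discovery CHAP authentication") also need a verb and a stated default.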
@@ -2007,6 +3834,217 @@ deployment_config_list: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and + mounted on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to + be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and + downward API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must + be a value between 0 and 0777. Directories within + the path are not affected by this setting. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the + Data field of the referenced ConfigMap will + be projected into the volume as a file whose + name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, the + volume setup will error unless it is marked + optional. Paths must be relative and may not + contain the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the + key to. May not be an absolute path. May + not contain the path element '..'. May + not start with the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys + must be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: + only annotations, labels, name and namespace + are supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath + is written in terms of, defaults to + "v1". + type: str + field_path: + description: + - Path of the field to select in the + specified API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not\ + \ be absolute or contain the '..' path.\ + \ Must be utf-8 encoded. 
The first item\ + \ of the relative path must not start\ + \ with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the + exposed resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the + Data field of the referenced Secret will be + projected into the volume as a file whose + name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the + key to. May not be an absolute path. May + not contain the path element '..'. May + not start with the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must + be defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
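Review bot: projected.default_mode and the per-item mode fields in this hunk are declared type: int but documented as "a value between 0 and 0777", which mixes octal notation with an integer type and does not tell the reader which form to enter. These bits set the permissions on projected Secret files, so the description should state how the value is interpreted (for example, that octal 0644 is decimal 420) so that a mode does not end up wider or narrower than intended. Separately, config_map.optional says "it's keys" while secret.optional in the same hunk says "its key"; use the latter form.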
@@ -2090,6 +4128,68 @@ deployment_config_list: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type + supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured + storage (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user + and other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should + be thick or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
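Review bot: ssl_enabled in this scale_io hunk is documented as "default false", while secret_ref in the same block holds the "ScaleIO user and other sensitive information" needed for login. The description should say what the false default means for how those credentials reach the gateway and recommend setting ssl_enabled to true. As written, nothing tells the reader that the default is the less protected choice.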
@@ -2112,9 +4212,9 @@ deployment_config_list: is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is - not present in the Secret, the volume setup will error. - Paths must be relative and may not contain the '..' - path or start with '..'. + not present in the Secret, the volume setup will error + unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. type: list contains: key: 
@@ -2137,10 +4237,60 @@ deployment_config_list: path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type + supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then + the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name + to override the default behaviour. Set to "default" + if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and 
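Review bot: storageos.secret_ref states "If not specified, default values will be attempted" without saying what those defaults are, so omitting the field falls back to unspecified API credentials. Either name the defaults or say that secret_ref should always be set. The volume_namespace text has a side effect that also deserves a clearer warning: "Namespaces that do not pre-exist within StorageOS will be created", which means a mistyped namespace creates a new one instead of failing.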
@@ -2154,6 +4304,15 @@ deployment_config_list: "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk diff --git a/library/openshift_v1_deployment_config_rollback.py b/library/openshift_v1_deployment_config_rollback.py index e2d3d410..e6d8b3d9 100644 --- a/library/openshift_v1_deployment_config_rollback.py +++ b/library/openshift_v1_deployment_config_rollback.py @@ -139,7 +139,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' diff --git a/library/openshift_v1_egress_network_policy.py b/library/openshift_v1_egress_network_policy.py index fa31ee21..d0b5feaf 100644 --- a/library/openshift_v1_egress_network_policy.py +++ b/library/openshift_v1_egress_network_policy.py @@ -113,7 +113,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
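Review bot: The requirements hunks for openshift_v1_deployment_config_rollback.py and openshift_v1_egress_network_policy.py replace "openshift == 1.0.0-snapshot" with "openshift == 0.3.1", which reads as a downgrade and keeps an exact == pin. If 0.3.1 is the intended release line, say so in the commit message. Also consider documenting a minimum version or compatible range instead of a single exact release, since an exact pin blocks users from picking up client fixes without a module update.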
@@ -220,6 +220,150 @@ egress_network_policy: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -255,6 +399,14 @@ egress_network_policy: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -308,7 +460,13 @@ egress_network_policy: contains: cidr_selector: description: - - cidrSelector is the CIDR range to allow/deny traffic to + - cidrSelector is the CIDR range to allow/deny traffic to. If this + is set, dnsName must be unset + type: str + dns_name: + description: + - dnsName is the domain name to allow/deny traffic to. If this is + set, cidrSelector must be unset type: str type: description: diff --git a/library/openshift_v1_egress_network_policy_list.py b/library/openshift_v1_egress_network_policy_list.py index 0d6ed8a8..05c4321b 100644 --- a/library/openshift_v1_egress_network_policy_list.py +++ b/library/openshift_v1_egress_network_policy_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
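Review bot: in the `@@ -46,10 +46,6 @@ options` hunk for `openshift_v1_egress_network_policy_list.py`, the `namespace` option is removed and nothing replaces it, so the documented options no longer offer a way to restrict the listing to one namespace. If egress network policies are namespaced objects, keep the option (and give it the `type:` line it was missing) or document that the module now always lists across all namespaces, since callers that passed `namespace` will otherwise break or get a wider result than before.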
@@ -210,6 +206,153 @@ egress_network_policy_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ egress_network_policy_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
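Review bot: in the `@@ -206,6 +206,153 @@ egress_network_policy_list` hunk, the new `initializers` text states that an object with pending initializers is hidden in list/watch and get calls from clients that have not explicitly asked to observe uninitialized objects, but nothing in the lines shown says whether this module asks. Add one sentence to the list module's documentation stating whether returned items can include uninitialized objects, so a caller knows whether a short or empty list means none exist or some are not yet visible.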
@@ -302,7 +453,13 @@ egress_network_policy_list: contains: cidr_selector: description: - - cidrSelector is the CIDR range to allow/deny traffic to + - cidrSelector is the CIDR range to allow/deny traffic to. If + this is set, dnsName must be unset + type: str + dns_name: + description: + - dnsName is the domain name to allow/deny traffic to. If this + is set, cidrSelector must be unset type: str type: description: diff --git a/library/openshift_v1_group.py b/library/openshift_v1_group.py index bf53fc2f..18854cfc 100644 --- a/library/openshift_v1_group.py +++ b/library/openshift_v1_group.py @@ -111,7 +111,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
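Review bot: in the `@@ -302,7 +453,13 @@ egress_network_policy_list` hunk, the new descriptions state the mutual exclusion using the API names ("dnsName must be unset", "cidrSelector must be unset") while the fields documented here are `dns_name` and `cidr_selector`; use the module's own names so the constraint can be matched to the keys a user actually sees. Both sentences also lack the closing period that other descriptions in this file have. Since `dns_name` makes an allow/deny rule depend on a domain name rather than a fixed CIDR range, a short note on when the name is resolved would help readers judge what the rule covers.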
@@ -218,6 +218,150 @@ group: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -253,6 +397,14 @@ group: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_group_list.py b/library/openshift_v1_group_list.py index 5ff7c0e3..7111817f 100644 --- a/library/openshift_v1_group_list.py +++ b/library/openshift_v1_group_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -210,6 +206,153 @@ group_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ group_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_host_subnet.py b/library/openshift_v1_host_subnet.py index 5c564a46..8d4dcc31 100644 --- a/library/openshift_v1_host_subnet.py +++ b/library/openshift_v1_host_subnet.py 
@@ -32,6 +32,11 @@ options: - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log default: false type: bool + egress_i_ps: + description: + - EgressIPs is the list of automatic egress IP addresses currently hosted by this + node + type: list force: description: - If set to C(True), and I(state) is C(present), an existing object will updated, @@ -116,7 +121,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' @@ -136,6 +141,12 @@ host_subnet: Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. type: str + egress_i_ps: + description: + - EgressIPs is the list of automatic egress IP addresses currently hosted by + this node + type: list + contains: str host: description: - Host is the name of the node. (This is the same as the object's name, but 
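Review bot: `egress_i_ps` is an awkward rendering of `EgressIPs` and appears both as a new option and as a return field; if the name comes from automatic snake-casing, consider an alias such as `egress_ips` so playbooks do not have to carry the odd spelling. The option's description, "the list of automatic egress IP addresses currently hosted by this node", describes observed state rather than something a user sets, so say what supplying a value does. The option is also `type: list` with no element type, while the return field in this hunk has `contains: str`.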
@@ -233,6 +244,150 @@ host_subnet: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -268,6 +423,14 @@ host_subnet: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_host_subnet_list.py b/library/openshift_v1_host_subnet_list.py index 10785275..3f1c019d 100644 --- a/library/openshift_v1_host_subnet_list.py +++ b/library/openshift_v1_host_subnet_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' @@ -120,6 +116,12 @@ host_subnet_list: Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. type: str + egress_i_ps: + description: + - EgressIPs is the list of automatic egress IP addresses currently hosted + by this node + type: list + contains: str host: description: - Host is the name of the node. (This is the same as the object's name, 
@@ -220,6 +222,153 @@ host_subnet_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -256,6 +405,14 @@ host_subnet_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_identity.py b/library/openshift_v1_identity.py index 4bf97376..9183a1bc 100644 --- a/library/openshift_v1_identity.py +++ b/library/openshift_v1_identity.py 
@@ -158,7 +158,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -270,6 +270,150 @@ identity: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -305,6 +449,14 @@ identity: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_identity_list.py b/library/openshift_v1_identity_list.py index 1f5a7e71..e23f96a0 100644 --- a/library/openshift_v1_identity_list.py +++ b/library/openshift_v1_identity_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -215,6 +211,153 @@ identity_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -251,6 +394,14 @@ identity_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_image.py b/library/openshift_v1_image.py index 00d49ca1..326db5c3 100644 --- a/library/openshift_v1_image.py +++ b/library/openshift_v1_image.py 
@@ -144,7 +144,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -307,6 +307,150 @@ image: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -342,6 +486,14 @@ image: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -559,6 +711,153 @@ image: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -595,6 +894,14 @@ image: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_image_list.py b/library/openshift_v1_image_list.py index 996a435a..bfed4118 100644 --- a/library/openshift_v1_image_list.py +++ b/library/openshift_v1_image_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -266,6 +262,153 @@ image_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -302,6 +445,14 @@ image_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
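Review bot: In the initializers hunk (@@ -266,6 +262,153), the "field" description under details.causes folds its two examples into one sentence: 'Examples: "name" - the field "name" on the current resource "items[0].name" - the field "name" on the first array entry in "items"'. In rendered documentation it is not clear where the first example ends and the second begins. Separate them, for instance with a semicolon before "items[0].name" or as two list items under "description:". The same wording recurs in every initializers block this patch adds, so the fix belongs wherever that text is produced.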
@@ -524,6 +675,158 @@ image_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -561,6 +864,14 @@ image_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_image_signature.py b/library/openshift_v1_image_signature.py index 59462cb9..80b02eda 100644 --- a/library/openshift_v1_image_signature.py +++ b/library/openshift_v1_image_signature.py 
@@ -35,6 +35,9 @@ options: context: description: - The name of a context found in the Kubernetes config file. + created: + description: + - If specified, it is the time of signature's creation. debug: description: - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log @@ -153,7 +156,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
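Review bot: The new "created" option in the first hunk (@@ -35,6 +35,9) has no "type:" line, and its description ("If specified, it is the time of signature's creation.") does not say what format the value takes. Other options in this file declare a type, such as "type: bool" on the certificate-verification option in the next hunk, so add one here and name the expected timestamp format. Since this is signature metadata that consumers may rely on, also state whether a caller-supplied creation time is stored as given.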
@@ -340,6 +343,150 @@ image_signature: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -375,6 +522,14 @@ image_signature: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_image_stream.py b/library/openshift_v1_image_stream.py index 8fa8096d..96563537 100644 --- a/library/openshift_v1_image_stream.py +++ b/library/openshift_v1_image_stream.py 
@@ -78,13 +78,25 @@ options: type: dict spec_docker_image_repository: description: - - DockerImageRepository is optional, if specified this stream is backed by a Docker - repository on this server + - 'dockerImageRepository is optional, if specified this stream is backed by a + Docker repository on this server Deprecated: This field is deprecated as of + v3.7 and will be removed in a future release. Specify the source for the tags + to be imported in each tag via the spec.tags.from reference instead.' aliases: - docker_image_repository + spec_lookup_policy_local: + description: + - local will change the docker short image references (like "mysql" or "php:latest") + on objects in this namespace to the image ID whenever they match this image + stream, instead of reaching out to a remote registry. The name will be fully + qualified to an image ID if found. The tag's referencePolicy is taken into account + on the replaced value. Only works within the current namespace. + aliases: + - lookup_policy_local + type: bool spec_tags: description: - - Tags map arbitrary string values to specific image locators + - tags map arbitrary string values to specific image locators aliases: - tags type: list @@ -119,7 +131,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
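Review bot: The rewritten "spec_docker_image_repository" description in the first hunk (@@ -78,13 +78,25) runs the deprecation notice into the preceding sentence ("... on this server Deprecated: This field is deprecated as of v3.7 ...") with no punctuation between them. Put a period after "server" or move the notice to its own item under "description:" so it stands out. The option and its "docker_image_repository" alias are still listed with no other marker, so this text is the only place a user learns the field is going away. For "spec_lookup_policy_local", state the default as well: the description explains what enabling it does but not what happens when the option is omitted.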
@@ -226,6 +238,150 @@ image_stream: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -261,6 +417,14 @@ image_stream: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -304,18 +468,37 @@ image_stream: contains: docker_image_repository: description: - - DockerImageRepository is optional, if specified this stream is backed - by a Docker repository on this server + - 'dockerImageRepository is optional, if specified this stream is backed + by a Docker repository on this server Deprecated: This field is deprecated + as of v3.7 and will be removed in a future release. Specify the source + for the tags to be imported in each tag via the spec.tags.from reference + instead.' type: str + lookup_policy: + description: + - lookupPolicy controls how other resources reference images within this + namespace. + type: complex + contains: + local: + description: + - local will change the docker short image references (like "mysql" + or "php:latest") on objects in this namespace to the image ID whenever + they match this image stream, instead of reaching out to a remote + registry. The name will be fully qualified to an image ID if found. + The tag's referencePolicy is taken into account on the replaced value. + Only works within the current namespace. + type: bool tags: description: - - Tags map arbitrary string values to specific image locators + - tags map arbitrary string values to specific image locators type: list contains: _from: description: - - From is a reference to an image stream tag or image stream this tag - should track + - Optional; if specified, a reference to another image that this tag + should point to. Valid values are ImageStreamTag, ImageStreamImage, + and DockerImage. type: complex contains: api_version: 
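Review bot: The new "_from" description at the end of this hunk says "Valid values are ImageStreamTag, ImageStreamImage, and DockerImage", but "_from" is "type: complex", so the sentence does not say which contained key takes those values. Name the key the list applies to. The text it replaces described a reference to "an image stream tag or image stream"; the new list no longer mentions a plain image stream, so confirm that narrowing is intended rather than a wording slip.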
@@ -356,20 +539,27 @@ image_stream: type: str annotations: description: - - Annotations associated with images using this tag + - Optional; if specified, annotations that are applied to images retrieved + via ImageStreamTags. type: complex contains: str, str generation: description: - - Generation is the image stream generation that updated this tag - - setting it to 0 is an indication that the generation must be updated. - Legacy clients will send this as nil, which means the client doesn't - know or care. + - Generation is a counter that tracks mutations to the spec tag (user + intent). When a tag reference is changed the generation is set to + match the current stream generation (which is incremented every time + spec is changed). Other processes in the system like the image importer + observe that the generation of spec tag is newer than the generation + recorded in the status and use that as a trigger to import the newest + remote tag. To trigger a new import, clients may set this value to + zero which will reset the generation to the latest stream generation. + Legacy clients will send this value as nil which will be merged with + the current tag generation. type: int import_policy: description: - - Import is information that controls how images may be imported by - the server. + - ImportPolicy is information that controls how images may be imported + by the server. type: complex contains: insecure: @@ -393,7 +583,7 @@ image_stream: type: bool reference_policy: description: - - ReferencePolicy defines how other components should consume the image + - ReferencePolicy defines how other components should consume the image. type: complex contains: type: 
@@ -423,6 +613,12 @@ image_stream: be accessed at. May be empty until the server determines where the repository is located type: str + public_docker_image_repository: + description: + - PublicDockerImageRepository represents the public location from where + the image can be pulled outside the cluster. This field may be empty if + the administrator has not exposed the integrated registry externally. + type: str tags: description: - Tags are a historical record of images associated with each tag. The first diff --git a/library/openshift_v1_image_stream_image.py b/library/openshift_v1_image_stream_image.py index 1964baa8..f247b36f 100644 --- a/library/openshift_v1_image_stream_image.py +++ b/library/openshift_v1_image_stream_image.py @@ -173,7 +173,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
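Review bot: The requirements hunk for openshift_v1_image_stream_image.py (@@ -173,7 +173,7) replaces "openshift == 1.0.0-snapshot" with "openshift == 0.3.1", which reads as a move to a lower version number while the documentation in the same patch gains fields. If 0.3.1 is the release that succeeds the snapshot, say so in the commit message, since the same line changes in the other modules in this patch. An exact "==" pin in the documented requirements also keeps users who follow it on that single client release; if the modules work with later releases, a lower bound or compatible range would let them pick up client fixes.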
@@ -350,6 +350,153 @@ image_stream_image: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -386,6 +533,14 @@ image_stream_image: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -608,6 +763,158 @@ image_stream_image: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -645,6 +952,14 @@ image_stream_image: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
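Review bot: In the `@@ -608,6 +763,158 @@` hunk, `initializers` is documented as a list that 'Only privileged users may set or modify', yet unlike the `generation` context line just above it ('Populated by the system. Read-only.') nothing tells the reader whether this field is read-only from the module's point of view. Suggest stating that explicitly. It is also worth noting in the description that an object returned with a non-empty `pending` list is still hidden from clients that have not asked to observe uninitialized objects, because a play that creates an object and then looks it up with another client can otherwise appear to fail. Style: the description under `pending` > `name` starts lower case ('name of the process ...') while its siblings are capitalised.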
@@ -780,6 +1095,150 @@ image_stream_image: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -815,6 +1274,14 @@ image_stream_image: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_image_stream_import.py b/library/openshift_v1_image_stream_import.py index 1c7d0606..893b2c6c 100644 --- a/library/openshift_v1_image_stream_import.py +++ b/library/openshift_v1_image_stream_import.py 
@@ -172,7 +172,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
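Review bot: The requirement goes from `openshift == 1.0.0-snapshot` to `openshift == 0.3.1`, which reads as a downgrade, and nothing in the hunk explains the change of version scheme. Please say in the commit message which client release these docs correspond to, and confirm that the exact `==` pin matches what the module actually requires at import time. If the module works with later releases, a minimum version or a range is the safer thing to document, since an exact pin in the docs tends to keep users on that release after fixes ship in newer ones.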
@@ -279,6 +279,150 @@ image_stream_import: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -314,6 +458,14 @@ image_stream_import: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -659,6 +811,158 @@ image_stream_import: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -696,6 +1000,14 @@ image_stream_import: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -742,18 +1054,38 @@ image_stream_import: contains: docker_image_repository: description: - - DockerImageRepository is optional, if specified this stream is - backed by a Docker repository on this server + - 'dockerImageRepository is optional, if specified this stream is + backed by a Docker repository on this server Deprecated: This + field is deprecated as of v3.7 and will be removed in a future + release. Specify the source for the tags to be imported in each + tag via the spec.tags.from reference instead.' type: str + lookup_policy: + description: + - lookupPolicy controls how other resources reference images within + this namespace. + type: complex + contains: + local: + description: + - local will change the docker short image references (like + "mysql" or "php:latest") on objects in this namespace to the + image ID whenever they match this image stream, instead of + reaching out to a remote registry. The name will be fully + qualified to an image ID if found. The tag's referencePolicy + is taken into account on the replaced value. Only works within + the current namespace. + type: bool tags: description: - - Tags map arbitrary string values to specific image locators + - tags map arbitrary string values to specific image locators type: list contains: _from: description: - - From is a reference to an image stream tag or image stream - this tag should track + - Optional; if specified, a reference to another image that + this tag should point to. Valid values are ImageStreamTag, + ImageStreamImage, and DockerImage. type: complex contains: api_version: 
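Review bot: In the new `docker_image_repository` description the deprecation notice is fused onto the previous sentence ('backed by a Docker repository on this server Deprecated: This field is deprecated as of v3.7'); add a full stop after 'server' so the notice stands out. For `lookup_policy.local`, the text says short references such as "mysql" are rewritten to an image ID from this image stream instead of reaching out to a remote registry; since that changes which image a workload resolves to, the description should state the default value. Casing is now mixed within the hunk as well: `dockerImageRepository`, `lookupPolicy` and `tags` start lower case, while the lines they replace used `DockerImageRepository` and `Tags`.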
@@ -796,20 +1128,28 @@ image_stream_import: type: str annotations: description: - - Annotations associated with images using this tag + - Optional; if specified, annotations that are applied to images + retrieved via ImageStreamTags. type: complex contains: str, str generation: description: - - Generation is the image stream generation that updated this - tag - setting it to 0 is an indication that the generation - must be updated. Legacy clients will send this as nil, which - means the client doesn't know or care. + - Generation is a counter that tracks mutations to the spec + tag (user intent). When a tag reference is changed the generation + is set to match the current stream generation (which is incremented + every time spec is changed). Other processes in the system + like the image importer observe that the generation of spec + tag is newer than the generation recorded in the status and + use that as a trigger to import the newest remote tag. To + trigger a new import, clients may set this value to zero which + will reset the generation to the latest stream generation. + Legacy clients will send this value as nil which will be merged + with the current tag generation. type: int import_policy: description: - - Import is information that controls how images may be imported - by the server. + - ImportPolicy is information that controls how images may be + imported by the server. type: complex contains: insecure: @@ -836,7 +1176,7 @@ image_stream_import: reference_policy: description: - ReferencePolicy defines how other components should consume - the image + the image. type: complex contains: type: 
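Review bot: In the `@@ -796,20 +1128,28 @@` hunk, the rewritten `generation` description documents a side effect ('To trigger a new import, clients may set this value to zero') without saying what that means for a declarative task. Would a task that hard-codes `generation: 0` request a new import on every run? If so, please say that in the description, and say what omitting the field does, given that the text notes legacy clients send nil and have it 'merged with the current tag generation'.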
@@ -867,6 +1207,13 @@ image_stream_import: may be accessed at. May be empty until the server determines where the repository is located type: str + public_docker_image_repository: + description: + - PublicDockerImageRepository represents the public location from + where the image can be pulled outside the cluster. This field + may be empty if the administrator has not exposed the integrated + registry externally. + type: str tags: description: - Tags are a historical record of images associated with each tag. 
@@ -1107,6 +1454,162 @@ image_stream_import: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system + invariant at object creation time. This field is a list of + initializers that have not yet acted on this object. If nil + or empty, this object has been completely initialized. Otherwise, + the object is considered uninitialized and is hidden (in list/watch + and get calls) from clients that haven't explicitly asked + to observe uninitialized objects. When an object is created, + the system will populate this list with the current set of + initializers. Only privileged users may set or modify this + list. Once it is empty, it may not be modified further by + any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in + order before this object is visible. When the last pending + initializer is removed, and no failing result is set, + the initializers struct will be set to nil and the object + is considered as initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will + be persisted to storage and then deleted, ensuring that + other clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not + set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is + optional and the data returned is not guaranteed to + conform to any schema except that defined by the reason + type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused + this error, as named by its JSON serialization. + May include dot and postfix notation for nested + attributes. Arrays are zero-indexed. Fields + may appear more than once in an array of causes + due to fields having multiple errors. Optional. + Examples: "name" - the field "name" on the + current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause + of the error. This field may be presented + as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause + of the error. If this value is empty there + is no information available. + type: str + group: + description: + - The group attribute of the resource associated + with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated + with the status StatusReason. On some operations + may differ from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated + with the status StatusReason (when there is a + single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from + the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this + operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to + determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified + back to the server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation + is in the "Failure" status. If this value is empty + there is no information available. A Reason clarifies + an HTTP status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize @@ -1145,6 +1648,15 @@ image_stream_import: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. Defaults to false. + To set this field, a user needs "delete" permission of + the owner, otherwise 422 (Unprocessable Entity) will be + returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -1379,6 +1891,166 @@ image_stream_import: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system + invariant at object creation time. This field is a list + of initializers that have not yet acted on this object. + If nil or empty, this object has been completely initialized. + Otherwise, the object is considered uninitialized and + is hidden (in list/watch and get calls) from clients that + haven't explicitly asked to observe uninitialized objects. + When an object is created, the system will populate this + list with the current set of initializers. Only privileged + users may set or modify this list. Once it is empty, it + may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute + in order before this object is visible. When the last + pending initializer is removed, and no failing result + is set, the initializers struct will be set to nil + and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object + will be persisted to storage and then deleted, ensuring + that other clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this + representation of an object. Servers should convert + recognized schemas to the latest internal value, + and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 + if not set. + type: int + details: + description: + - Extended data associated with the reason. Each + reason may define its own extended details. 
This + field is optional and the data returned is not + guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused + this error, as named by its JSON serialization. + May include dot and postfix notation for + nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an + array of causes due to fields having multiple + errors. Optional. Examples: "name" - the + field "name" on the current resource "items[0].name" + - the field "name" on the first array + entry in "items"' + type: str + message: + description: + - A human-readable description of the cause + of the error. This field may be presented + as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the + cause of the error. If this value is empty + there is no information available. + type: str + group: + description: + - The group attribute of the resource associated + with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated + with the status StatusReason. On some operations + may differ from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated + with the status StatusReason (when there is + a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the + operation should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single + resource which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this + from the endpoint the client submits requests + to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of + this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal + version of this object that can be used by + clients to determine when objects have changed. + Value must be treated as opaque by clients + and passed unmodified back to the server. + Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. + Populated by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation + is in the "Failure" status. If this value is empty + there is no information available. A Reason clarifies + an HTTP status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or + "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize @@ -1417,6 +2089,15 @@ image_stream_import: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. Defaults + to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -1538,6 +2219,11 @@ image_stream_import: - If specified, the time in seconds before the operation should be retried. type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str kind: description: - Kind is a string value representing the REST resource this object 
@@ -1767,6 +2453,166 @@ image_stream_import: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system + invariant at object creation time. This field is a list + of initializers that have not yet acted on this object. + If nil or empty, this object has been completely initialized. + Otherwise, the object is considered uninitialized and + is hidden (in list/watch and get calls) from clients that + haven't explicitly asked to observe uninitialized objects. + When an object is created, the system will populate this + list with the current set of initializers. Only privileged + users may set or modify this list. Once it is empty, it + may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute + in order before this object is visible. When the last + pending initializer is removed, and no failing result + is set, the initializers struct will be set to nil + and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object + will be persisted to storage and then deleted, ensuring + that other clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this + representation of an object. Servers should convert + recognized schemas to the latest internal value, + and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 + if not set. + type: int + details: + description: + - Extended data associated with the reason. Each + reason may define its own extended details. 
This + field is optional and the data returned is not + guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused + this error, as named by its JSON serialization. + May include dot and postfix notation for + nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an + array of causes due to fields having multiple + errors. Optional. Examples: "name" - the + field "name" on the current resource "items[0].name" + - the field "name" on the first array + entry in "items"' + type: str + message: + description: + - A human-readable description of the cause + of the error. This field may be presented + as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the + cause of the error. If this value is empty + there is no information available. + type: str + group: + description: + - The group attribute of the resource associated + with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated + with the status StatusReason. On some operations + may differ from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated + with the status StatusReason (when there is + a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the + operation should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single + resource which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this + from the endpoint the client submits requests + to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of + this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal + version of this object that can be used by + clients to determine when objects have changed. + Value must be treated as opaque by clients + and passed unmodified back to the server. + Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. + Populated by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation + is in the "Failure" status. If this value is empty + there is no information available. A Reason clarifies + an HTTP status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or + "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize @@ -1805,6 +2651,15 @@ image_stream_import: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. Defaults + to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -2049,6 +2904,174 @@ image_stream_import: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some + system invariant at object creation time. This field + is a list of initializers that have not yet acted + on this object. If nil or empty, this object has been + completely initialized. Otherwise, the object is considered + uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked + to observe uninitialized objects. When an object is + created, the system will populate this list with the + current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it + may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute + in order before this object is visible. When the + last pending initializer is removed, and no failing + result is set, the initializers struct will be + set to nil and the object is considered as initialized + and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for + initializing this object. + type: str + result: + description: + - If result is set with the Failure field, the object + will be persisted to storage and then deleted, + ensuring that other clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of + this representation of an object. Servers + should convert recognized schemas to the latest + internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, + 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. 
+ Each reason may define its own extended details. + This field is optional and the data returned + is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details + associated with the StatusReason failure. + Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has + caused this error, as named by its + JSON serialization. May include dot + and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may + appear more than once in an array + of causes due to fields having multiple + errors. Optional. Examples: "name" + - the field "name" on the current + resource "items[0].name" - the field + "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the + cause of the error. This field may + be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of + the cause of the error. If this value + is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated + with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated + with the status StatusReason. On some + operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated + with the status StatusReason (when there + is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before + the operation should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a + single resource which can be described). 
+ type: str + kind: + description: + - Kind is a string value representing the REST + resource this object represents. Servers may + infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status + of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal + version of this object that can be used + by clients to determine when objects have + changed. Value must be treated as opaque + by clients and passed unmodified back + to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. + Populated by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this + operation is in the "Failure" status. If this + value is empty there is no information available. + A Reason clarifies an HTTP status code but + does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" + or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to @@ -2090,6 +3113,15 @@ image_stream_import: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from + the key-value store until this reference is removed. + Defaults to false. To set this field, a user needs + "delete" permission of the owner, otherwise 422 + (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing 
@@ -2217,6 +3249,11 @@ image_stream_import: - If specified, the time in seconds before the operation should be retried. type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str kind: description: - Kind is a string value representing the REST resource this @@ -2331,6 +3368,11 @@ image_stream_import: - If specified, the time in seconds before the operation should be retried. type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str kind: description: - Kind is a string value representing the REST resource this object diff --git a/library/openshift_v1_image_stream_list.py b/library/openshift_v1_image_stream_list.py index a60b148e..b2b10781 100644 --- a/library/openshift_v1_image_stream_list.py +++ b/library/openshift_v1_image_stream_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
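Review bot: The requirements line moves from "openshift == 1.0.0-snapshot" to "openshift == 0.3.1", an exact pin whose number goes backwards, and nothing visible in the diff says whether this is a renumbering of the client package or a real downgrade. Please state which in the commit message or the module notes, since anyone comparing installed versions will read 0.3.1 as older than 1.0.0. The earlier hunk in this same file (@@ -46,10 +46,6 @@ options:) also removes the namespace option outright. Playbooks that still pass namespace to this list module will likely be rejected as using an unsupported parameter, and if the module now lists across all namespaces the calling account needs list rights beyond a single namespace. That removal deserves a changelog entry and a sentence on the intended scope.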
@@ -210,6 +206,153 @@ image_stream_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ image_stream_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -292,18 +443,37 @@ image_stream_list: contains: docker_image_repository: description: - - DockerImageRepository is optional, if specified this stream is backed - by a Docker repository on this server + - 'dockerImageRepository is optional, if specified this stream is backed + by a Docker repository on this server Deprecated: This field is deprecated + as of v3.7 and will be removed in a future release. Specify the source + for the tags to be imported in each tag via the spec.tags.from reference + instead.' type: str + lookup_policy: + description: + - lookupPolicy controls how other resources reference images within + this namespace. + type: complex + contains: + local: + description: + - local will change the docker short image references (like "mysql" + or "php:latest") on objects in this namespace to the image ID + whenever they match this image stream, instead of reaching out + to a remote registry. The name will be fully qualified to an image + ID if found. The tag's referencePolicy is taken into account on + the replaced value. Only works within the current namespace. + type: bool tags: description: - - Tags map arbitrary string values to specific image locators + - tags map arbitrary string values to specific image locators type: list contains: _from: description: - - From is a reference to an image stream tag or image stream this - tag should track + - Optional; if specified, a reference to another image that this + tag should point to. Valid values are ImageStreamTag, ImageStreamImage, + and DockerImage. type: complex contains: api_version: 
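Review bot: In the new docker_image_repository description the text runs "by a Docker repository on this server Deprecated: This field is deprecated" with no sentence break before "Deprecated:", so the deprecation notice is easy to miss in rendered docs. A period after "server" would fix it. The notice also sends readers to "spec.tags.from", while the key documented a few lines further down in this hunk is "_from", so naming the module's key next to the API path would save a lookup. The added lookup_policy.local flag changes how short references such as "mysql" or "php:latest" resolve inside the namespace, so a line in the module notes would help operators who audit which image a workload actually resolves to.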
@@ -346,19 +516,27 @@ image_stream_list: type: str annotations: description: - - Annotations associated with images using this tag + - Optional; if specified, annotations that are applied to images + retrieved via ImageStreamTags. type: complex contains: str, str generation: description: - - Generation is the image stream generation that updated this tag - - setting it to 0 is an indication that the generation must be - updated. Legacy clients will send this as nil, which means the - client doesn't know or care. + - Generation is a counter that tracks mutations to the spec tag + (user intent). When a tag reference is changed the generation + is set to match the current stream generation (which is incremented + every time spec is changed). Other processes in the system like + the image importer observe that the generation of spec tag is + newer than the generation recorded in the status and use that + as a trigger to import the newest remote tag. To trigger a new + import, clients may set this value to zero which will reset the + generation to the latest stream generation. Legacy clients will + send this value as nil which will be merged with the current tag + generation. type: int import_policy: description: - - Import is information that controls how images may be imported + - ImportPolicy is information that controls how images may be imported by the server. type: complex contains: @@ -384,7 +562,7 @@ image_stream_list: reference_policy: description: - ReferencePolicy defines how other components should consume the - image + image. type: complex contains: type: 
@@ -414,6 +592,12 @@ image_stream_list: may be accessed at. May be empty until the server determines where the repository is located type: str + public_docker_image_repository: + description: + - PublicDockerImageRepository represents the public location from where + the image can be pulled outside the cluster. This field may be empty + if the administrator has not exposed the integrated registry externally. + type: str tags: description: - Tags are a historical record of images associated with each tag. The diff --git a/library/openshift_v1_image_stream_mapping.py b/library/openshift_v1_image_stream_mapping.py index 2ff60c36..18572c20 100644 --- a/library/openshift_v1_image_stream_mapping.py +++ b/library/openshift_v1_image_stream_mapping.py @@ -176,7 +176,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -353,6 +353,153 @@ image_stream_mapping: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -389,6 +536,14 @@ image_stream_mapping: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -611,6 +766,158 @@ image_stream_mapping: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -648,6 +955,14 @@ image_stream_mapping: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -783,6 +1098,150 @@ image_stream_mapping: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -818,6 +1277,14 @@ image_stream_mapping: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_image_stream_tag.py b/library/openshift_v1_image_stream_tag.py index 34df319e..59bd562a 100644 --- a/library/openshift_v1_image_stream_tag.py +++ b/library/openshift_v1_image_stream_tag.py 
@@ -26,7 +26,7 @@ options: type: path conditions: description: - - Conditions is an array of conditions that apply to the image stream tag. + - conditions is an array of conditions that apply to the image stream tag. type: list context: description: @@ -44,9 +44,9 @@ options: type: bool generation: description: - - Generation is the current generation of the tagged image - if tag is provided + - generation is the current generation of the tagged image - if tag is provided and this value is not equal to the tag generation, a user has requested an import - that has not completed, or Conditions will be filled out indicating any error. + that has not completed, or conditions will be filled out indicating any error. type: int host: description: @@ -156,6 +156,16 @@ options: - Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. type: dict + lookup_policy_local: + description: + - local will change the docker short image references (like "mysql" or "php:latest") + on objects in this namespace to the image ID whenever they match this image + stream, instead of reaching out to a remote registry. The name will be fully + qualified to an image ID if found. The tag's referencePolicy is taken into account + on the replaced value. Only works within the current namespace. + aliases: + - local + type: bool name: description: - Name must be unique within a namespace. Is required when creating resources, 
@@ -242,15 +252,22 @@ options: - uid tag_annotations: description: - - Annotations associated with images using this tag + - Optional; if specified, annotations that are applied to images retrieved via + ImageStreamTags. aliases: - annotations type: dict tag_generation: description: - - Generation is the image stream generation that updated this tag - setting it - to 0 is an indication that the generation must be updated. Legacy clients will - send this as nil, which means the client doesn't know or care. + - Generation is a counter that tracks mutations to the spec tag (user intent). + When a tag reference is changed the generation is set to match the current stream + generation (which is incremented every time spec is changed). Other processes + in the system like the image importer observe that the generation of spec tag + is newer than the generation recorded in the status and use that as a trigger + to import the newest remote tag. To trigger a new import, clients may set this + value to zero which will reset the generation to the latest stream generation. + Legacy clients will send this value as nil which will be merged with the current + tag generation. aliases: - generation type: int @@ -302,7 +319,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' @@ -324,7 +341,7 @@ image_stream_tag: type: str conditions: description: - - Conditions is an array of conditions that apply to the image stream tag. + - conditions is an array of conditions that apply to the image stream tag. type: list contains: generation: 
@@ -357,14 +374,14 @@ image_stream_tag: type: str generation: description: - - Generation is the current generation of the tagged image - if tag is provided + - generation is the current generation of the tagged image - if tag is provided and this value is not equal to the tag generation, a user has requested an - import that has not completed, or Conditions will be filled out indicating + import that has not completed, or conditions will be filled out indicating any error. type: int image: description: - - Image associated with the ImageStream and tag. + - image associated with the ImageStream and tag. type: complex contains: api_version: 
@@ -519,6 +536,153 @@ image_stream_tag: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -555,6 +719,14 @@ image_stream_tag: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -777,6 +949,158 @@ image_stream_tag: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -814,6 +1138,14 @@ image_stream_tag: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -868,6 +1200,21 @@ image_stream_tag: Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. type: str + lookup_policy: + description: + - lookupPolicy indicates whether this tag will handle image references in this + namespace. + type: complex + contains: + local: + description: + - local will change the docker short image references (like "mysql" or "php:latest") + on objects in this namespace to the image ID whenever they match this + image stream, instead of reaching out to a remote registry. The name will + be fully qualified to an image ID if found. The tag's referencePolicy + is taken into account on the replaced value. Only works within the current + namespace. + type: bool metadata: description: - Standard object's metadata. 
@@ -949,6 +1296,150 @@ image_stream_tag: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -984,6 +1475,14 @@ image_stream_tag: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
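Review bot: in the `initializers` hunk (`@@ -949,6 +1296,150 @@`), the `field` description under `details` / `causes` has lost the separation between its two examples. `"name" - the field "name" on the current resource "items[0].name" - the field "name" on the first array entry in "items"` reads as one sentence, so it is unclear that `"items[0].name"` starts the second example. Put each example on its own list item or separate them with a semicolon. The same flattened text recurs in every copy of this block in the patch, so fix it once at the source of the text rather than per file.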
@@ -1022,14 +1521,14 @@ image_stream_tag: type: str tag: description: - - Tag is the spec tag associated with this image stream tag, and it may be null + - tag is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream. type: complex contains: _from: description: - - From is a reference to an image stream tag or image stream this tag should - track + - Optional; if specified, a reference to another image that this tag should + point to. Valid values are ImageStreamTag, ImageStreamImage, and DockerImage. type: complex contains: api_version: 
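Review bot: the new `_from` description says "Valid values are ImageStreamTag, ImageStreamImage, and DockerImage", but `_from` is `type: complex` with sub-fields such as `api_version`, so the sentence does not say which sub-field takes those values. Name the sub-field explicitly. Separately, `tag is the spec tag` now starts lowercase while other descriptions in this file (`Generation is a counter`, `ReferencePolicy defines`) stay capitalised; pick one convention.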
@@ -1070,19 +1569,26 @@ image_stream_tag: type: str annotations: description: - - Annotations associated with images using this tag + - Optional; if specified, annotations that are applied to images retrieved + via ImageStreamTags. type: complex contains: str, str generation: description: - - Generation is the image stream generation that updated this tag - setting - it to 0 is an indication that the generation must be updated. Legacy clients - will send this as nil, which means the client doesn't know or care. + - Generation is a counter that tracks mutations to the spec tag (user intent). + When a tag reference is changed the generation is set to match the current + stream generation (which is incremented every time spec is changed). Other + processes in the system like the image importer observe that the generation + of spec tag is newer than the generation recorded in the status and use + that as a trigger to import the newest remote tag. To trigger a new import, + clients may set this value to zero which will reset the generation to + the latest stream generation. Legacy clients will send this value as nil + which will be merged with the current tag generation. type: int import_policy: description: - - Import is information that controls how images may be imported by the - server. + - ImportPolicy is information that controls how images may be imported by + the server. type: complex contains: insecure: @@ -1106,7 +1612,7 @@ image_stream_tag: type: bool reference_policy: description: - - ReferencePolicy defines how other components should consume the image + - ReferencePolicy defines how other components should consume the image. type: complex contains: type: diff --git a/library/openshift_v1_image_stream_tag_list.py b/library/openshift_v1_image_stream_tag_list.py index b00db9c8..1754b733 100644 --- a/library/openshift_v1_image_stream_tag_list.py +++ b/library/openshift_v1_image_stream_tag_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' @@ -122,7 +118,7 @@ image_stream_tag_list: type: str conditions: description: - - Conditions is an array of conditions that apply to the image stream tag. + - conditions is an array of conditions that apply to the image stream tag. type: list contains: generation: @@ -156,14 +152,14 @@ image_stream_tag_list: type: str generation: description: - - Generation is the current generation of the tagged image - if tag is provided + - generation is the current generation of the tagged image - if tag is provided and this value is not equal to the tag generation, a user has requested - an import that has not completed, or Conditions will be filled out indicating + an import that has not completed, or conditions will be filled out indicating any error. type: int image: description: - - Image associated with the ImageStream and tag. + - image associated with the ImageStream and tag. type: complex contains: api_version: 
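Review bot: the `@@ -46,10 +46,6 @@ options:` hunk drops the `namespace` option from `openshift_v1_image_stream_tag_list.py` without saying what scope the list has afterwards. The `lookup_policy` text added later in this file describes behaviour that "Only works within the current namespace", so these objects are namespaced. If the module now always lists across all namespaces, callers need list permission beyond a single namespace, and playbooks that still pass `namespace` may be rejected. State the resulting scope in the module docs and mention the option removal in the commit message, or keep `namespace` as an optional filter.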
@@ -320,6 +316,158 @@ image_stream_tag_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -357,6 +505,14 @@ image_stream_tag_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -586,6 +742,162 @@ image_stream_tag_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system + invariant at object creation time. This field is a list of + initializers that have not yet acted on this object. If nil + or empty, this object has been completely initialized. Otherwise, + the object is considered uninitialized and is hidden (in list/watch + and get calls) from clients that haven't explicitly asked + to observe uninitialized objects. When an object is created, + the system will populate this list with the current set of + initializers. Only privileged users may set or modify this + list. Once it is empty, it may not be modified further by + any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in + order before this object is visible. When the last pending + initializer is removed, and no failing result is set, + the initializers struct will be set to nil and the object + is considered as initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will + be persisted to storage and then deleted, ensuring that + other clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not + set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is + optional and the data returned is not guaranteed to + conform to any schema except that defined by the reason + type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused + this error, as named by its JSON serialization. + May include dot and postfix notation for nested + attributes. Arrays are zero-indexed. Fields + may appear more than once in an array of causes + due to fields having multiple errors. Optional. + Examples: "name" - the field "name" on the + current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause + of the error. This field may be presented + as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause + of the error. If this value is empty there + is no information available. + type: str + group: + description: + - The group attribute of the resource associated + with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated + with the status StatusReason. On some operations + may differ from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated + with the status StatusReason (when there is a + single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from + the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this + operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to + determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified + back to the server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation + is in the "Failure" status. If this value is empty + there is no information available. A Reason clarifies + an HTTP status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize @@ -624,6 +936,15 @@ image_stream_tag_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. Defaults to false. + To set this field, a user needs "delete" permission of + the owner, otherwise 422 (Unprocessable Entity) will be + returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -679,6 +1000,21 @@ image_stream_tag_list: Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. type: str + lookup_policy: + description: + - lookupPolicy indicates whether this tag will handle image references in + this namespace. + type: complex + contains: + local: + description: + - local will change the docker short image references (like "mysql" + or "php:latest") on objects in this namespace to the image ID whenever + they match this image stream, instead of reaching out to a remote + registry. The name will be fully qualified to an image ID if found. + The tag's referencePolicy is taken into account on the replaced value. + Only works within the current namespace. + type: bool metadata: description: - Standard object's metadata. 
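Review bot: the `local` description under `lookup_policy` states no default, unlike `block_owner_deletion` elsewhere in this patch ("Defaults to false"). Because a true value changes what short references such as "mysql" or "php:latest" resolve to for objects in the namespace, readers need to know whether the behaviour is off unless set. Add the default to the description.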
@@ -763,6 +1099,153 @@ image_stream_tag_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -799,6 +1282,14 @@ image_stream_tag_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -840,14 +1331,15 @@ image_stream_tag_list: type: str tag: description: - - Tag is the spec tag associated with this image stream tag, and it may + - tag is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream. type: complex contains: _from: description: - - From is a reference to an image stream tag or image stream this tag - should track + - Optional; if specified, a reference to another image that this tag + should point to. Valid values are ImageStreamTag, ImageStreamImage, + and DockerImage. type: complex contains: api_version: 
@@ -888,20 +1380,27 @@ image_stream_tag_list: type: str annotations: description: - - Annotations associated with images using this tag + - Optional; if specified, annotations that are applied to images retrieved + via ImageStreamTags. type: complex contains: str, str generation: description: - - Generation is the image stream generation that updated this tag - - setting it to 0 is an indication that the generation must be updated. - Legacy clients will send this as nil, which means the client doesn't - know or care. + - Generation is a counter that tracks mutations to the spec tag (user + intent). When a tag reference is changed the generation is set to + match the current stream generation (which is incremented every time + spec is changed). Other processes in the system like the image importer + observe that the generation of spec tag is newer than the generation + recorded in the status and use that as a trigger to import the newest + remote tag. To trigger a new import, clients may set this value to + zero which will reset the generation to the latest stream generation. + Legacy clients will send this value as nil which will be merged with + the current tag generation. type: int import_policy: description: - - Import is information that controls how images may be imported by - the server. + - ImportPolicy is information that controls how images may be imported + by the server. type: complex contains: insecure: @@ -925,7 +1424,7 @@ image_stream_tag_list: type: bool reference_policy: description: - - ReferencePolicy defines how other components should consume the image + - ReferencePolicy defines how other components should consume the image. type: complex contains: type: diff --git a/library/openshift_v1_net_namespace.py b/library/openshift_v1_net_namespace.py index cb531612..d8a0914e 100644 --- a/library/openshift_v1_net_namespace.py +++ b/library/openshift_v1_net_namespace.py 
@@ -32,6 +32,12 @@ options: - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log default: false type: bool + egress_i_ps: + description: + - EgressIPs is a list of reserved IPs that will be used as the source for external + traffic coming from pods in this namespace. (If empty, external traffic will + be masqueraded to Node IPs.) + type: list force: description: - If set to C(True), and I(state) is C(present), an existing object will updated, @@ -71,7 +77,7 @@ options: netid: description: - NetID is the network identifier of the network namespace assigned to each overlay - network packet. This can be manipulated with the "oadm pod-network" commands. + network packet. This can be manipulated with the "oc adm pod-network" commands. type: int netname: description: @@ -116,7 +122,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' @@ -136,6 +142,13 @@ net_namespace: Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. type: str + egress_i_ps: + description: + - EgressIPs is a list of reserved IPs that will be used as the source for external + traffic coming from pods in this namespace. (If empty, external traffic will + be masqueraded to Node IPs.) + type: list + contains: str kind: description: - Kind is a string value representing the REST resource this object represents. 
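Review bot: the name `egress_i_ps` is a mechanical snake-casing of EgressIPs and is hard to read or guess, and once shipped as an option it becomes part of the module's interface. Consider `egress_ips`, with `egress_i_ps` kept as an alias if the name has to stay derivable. In the `options:` hunk the field is `type: list` with no element type, while the return block in the last hunk has `contains: str`; document that the elements are IP address strings and say whether the module validates them, since these addresses become the source for external traffic from the namespace's pods.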
@@ -223,6 +236,150 @@ net_namespace: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -258,6 +415,14 @@ net_namespace: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -297,7 +462,7 @@ net_namespace: netid: description: - NetID is the network identifier of the network namespace assigned to each - overlay network packet. This can be manipulated with the "oadm pod-network" + overlay network packet. This can be manipulated with the "oc adm pod-network" commands. type: int netname: diff --git a/library/openshift_v1_net_namespace_list.py b/library/openshift_v1_net_namespace_list.py index a6b6febd..5ffb362d 100644 --- a/library/openshift_v1_net_namespace_list.py +++ b/library/openshift_v1_net_namespace_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' @@ -120,6 +116,13 @@ net_namespace_list: Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. type: str + egress_i_ps: + description: + - EgressIPs is a list of reserved IPs that will be used as the source for + external traffic coming from pods in this namespace. (If empty, external + traffic will be masqueraded to Node IPs.) + type: list + contains: str kind: description: - Kind is a string value representing the REST resource this object represents. 
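Review bot: the new return key `egress_i_ps` in the `net_namespace_list` hunk of library/openshift_v1_net_namespace_list.py splits the acronym in `EgressIPs` into `i_ps`, which is hard to guess from the API field name that its own description uses. If the key cannot be renamed to `egress_ips`, state the mapping in the description, so that playbook authors who read or filter the list of reserved source IPs for a namespace reference the right key.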
@@ -210,6 +213,153 @@ net_namespace_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +396,14 @@ net_namespace_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -288,7 +446,7 @@ net_namespace_list: netid: description: - NetID is the network identifier of the network namespace assigned to each - overlay network packet. This can be manipulated with the "oadm pod-network" + overlay network packet. This can be manipulated with the "oc adm pod-network" commands. type: int netname: diff --git a/library/openshift_v1_o_auth_access_token.py b/library/openshift_v1_o_auth_access_token.py index 05deb2a8..77e6db8c 100644 --- a/library/openshift_v1_o_auth_access_token.py +++ b/library/openshift_v1_o_auth_access_token.py @@ -133,7 +133,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
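Review bot: the requirements pin in library/openshift_v1_o_auth_access_token.py goes from `openshift == 1.0.0-snapshot` to `openshift == 0.3.1`, a lower version number, and nothing in the hunk says why. State in the commit message whether 0.3.1 is the successor release under a new versioning scheme, because the same patch documents new return fields (`initializers`, `block_owner_deletion`) and a reader cannot tell which client release actually provides them. The exact `==` pin is repeated in every module touched here, so a fixed client release cannot be adopted without editing each file; consider documenting a minimum version instead.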
@@ -252,6 +252,150 @@ o_auth_access_token: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -287,6 +431,14 @@ o_auth_access_token: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_o_auth_access_token_list.py b/library/openshift_v1_o_auth_access_token_list.py index 82dd9c2e..07477d4f 100644 --- a/library/openshift_v1_o_auth_access_token_list.py +++ b/library/openshift_v1_o_auth_access_token_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
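Review bot: the `@@ -46,10 +46,6 @@ options:` hunk of library/openshift_v1_o_auth_access_token_list.py drops the `namespace` option without a deprecation note, and the same removal appears in the net_namespace_list and o_auth_authorize_token_list modules. If the argument spec drops it as well, playbooks that still pass `namespace` to these modules will be rejected after this change, so call the removal out in the commit message or changelog and say why the option no longer applies to these resources.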
@@ -222,6 +218,153 @@ o_auth_access_token_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -258,6 +401,14 @@ o_auth_access_token_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_o_auth_authorize_token.py b/library/openshift_v1_o_auth_authorize_token.py index 50560dd5..e465a2b9 100644 --- a/library/openshift_v1_o_auth_authorize_token.py +++ b/library/openshift_v1_o_auth_authorize_token.py 
@@ -125,7 +125,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -250,6 +250,150 @@ o_auth_authorize_token: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -285,6 +429,14 @@ o_auth_authorize_token: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_o_auth_authorize_token_list.py b/library/openshift_v1_o_auth_authorize_token_list.py index da7db244..9441c5ce 100644 --- a/library/openshift_v1_o_auth_authorize_token_list.py 
+++ b/library/openshift_v1_o_auth_authorize_token_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -228,6 +224,153 @@ o_auth_authorize_token_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -264,6 +407,14 @@ o_auth_authorize_token_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_o_auth_client.py b/library/openshift_v1_o_auth_client.py index 5a0a2a77..bb212c57 100644 --- a/library/openshift_v1_o_auth_client.py +++ b/library/openshift_v1_o_auth_client.py 
@@ -11,6 +11,11 @@ description: version_added: 2.3.0 author: OpenShift (@openshift) options: + access_token_max_age_seconds: + description: + - AccessTokenMaxAgeSeconds overrides the default access token max age for tokens + granted to this client. 0 means no expiration. + type: int additional_secrets: description: - AdditionalSecrets holds other secrets that may be used to identify the client. @@ -138,7 +143,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' @@ -152,6 +157,11 @@ o_auth_client: type: complex returned: when I(state) = C(present) contains: + access_token_max_age_seconds: + description: + - AccessTokenMaxAgeSeconds overrides the default access token max age for tokens + granted to this client. 0 means no expiration. + type: int additional_secrets: description: - AdditionalSecrets holds other secrets that may be used to identify the client. 
@@ -260,6 +270,150 @@ o_auth_client: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -295,6 +449,14 @@ o_auth_client: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_o_auth_client_authorization.py b/library/openshift_v1_o_auth_client_authorization.py index 668b6895..bcb555fc 100644 --- a/library/openshift_v1_o_auth_client_authorization.py 
+++ b/library/openshift_v1_o_auth_client_authorization.py @@ -121,7 +121,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -232,6 +232,150 @@ o_auth_client_authorization: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -267,6 +411,14 @@ o_auth_client_authorization: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_o_auth_client_authorization_list.py b/library/openshift_v1_o_auth_client_authorization_list.py index edd0a183..0f43e09d 100644 --- a/library/openshift_v1_o_auth_client_authorization_list.py 
+++ b/library/openshift_v1_o_auth_client_authorization_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -214,6 +210,153 @@ o_auth_client_authorization_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -250,6 +393,14 @@ o_auth_client_authorization_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_o_auth_client_list.py b/library/openshift_v1_o_auth_client_list.py index 6e7dd9d0..34bc07cd 100644 --- a/library/openshift_v1_o_auth_client_list.py +++ b/library/openshift_v1_o_auth_client_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' @@ -114,6 +110,11 @@ o_auth_client_list: - Items is the list of OAuth clients type: list contains: + access_token_max_age_seconds: + description: + - AccessTokenMaxAgeSeconds overrides the default access token max age for + tokens granted to this client. 0 means no expiration. + type: int additional_secrets: description: - AdditionalSecrets holds other secrets that may be used to identify the 
@@ -225,6 +226,153 @@ o_auth_client_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -261,6 +409,14 @@ o_auth_client_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_pod_security_policy_review.py b/library/openshift_v1_pod_security_policy_review.py index cf113365..b5bfeb6d 100644 --- a/library/openshift_v1_pod_security_policy_review.py 
+++ b/library/openshift_v1_pod_security_policy_review.py 
@@ -88,6 +88,98 @@ options: aliases: - active_deadline_seconds type: int + spec_template_spec_affinity_node_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_node_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms: + description: + - Required. A list of node selector terms. The terms are ORed. + aliases: + - affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms + type: list + spec_template_spec_affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. 
+ aliases: + - affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' + aliases: + - affinity_pod_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the anti-affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' 
+ aliases: + - affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account token should + be automatically mounted. + aliases: + - automount_service_account_token + type: bool spec_template_spec_containers: description: - List of containers belonging to the pod. Containers cannot currently be added @@ -97,10 +189,18 @@ options: type: list spec_template_spec_dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' or 'Default'. - Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have DNS options + set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. aliases: - dns_policy + spec_template_spec_host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be injected into + the pod's hosts file if specified. This is only valid for non-hostNetwork pods. + aliases: + - host_aliases + type: list spec_template_spec_host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
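Review bot: the new `spec_template_spec_host_aliases` option in the hunk ending here is documented only as `type: list`, with no indication of what an entry looks like. The return documentation later in this patch describes each entry as carrying `ip` and `hostnames`, so say so in the option description too. It should also state what the module does when `host_aliases` is set on a hostNetwork pod, since the text says the field is only valid for non-hostNetwork pods. The reworded `dns_policy` option in the same hunk lists three accepted values in prose but still has no `type`.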
@@ -136,6 +236,21 @@ options: aliases: - image_pull_secrets type: list + spec_template_spec_init_containers: + description: + - List of initialization containers belonging to the pod. Init containers are + executed in order prior to containers being started. If any init container fails, + the pod is considered to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be unique among all + containers. Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container are taken + into account during scheduling by finding the highest request/limit for each + resource type, and then using the max of of that value or the sum of the normal + containers. Limits are applied to init containers in a similar fashion. Init + containers cannot currently be added or removed. Cannot be updated. + aliases: + - init_containers + type: list spec_template_spec_node_name: description: - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, @@ -157,6 +272,12 @@ options: Never. Default to Always. aliases: - restart_policy + spec_template_spec_scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. If not specified, + the pod will be dispatched by default scheduler. + aliases: + - scheduler_name spec_template_spec_security_context_fs_group: description: - "A special supplemental group that applies to all containers in a pod. Some\ @@ -245,6 +366,12 @@ options: aliases: - termination_grace_period_seconds type: int + spec_template_spec_tolerations: + description: + - If specified, the pod's tolerations. + aliases: + - tolerations + type: list spec_template_spec_volumes: description: - List of volumes that can be mounted by containers belonging to the pod. 
@@ -263,7 +390,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
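Review bot: the requirement moves from `openshift == 1.0.0-snapshot` to `openshift == 0.3.1`, which reads as a downgrade and is still an exact pin. If 0.3.1 is the first tagged release after the snapshot, say so in the commit message or in the module notes. Also confirm that `==` is intended rather than a minimum version, since any other installed client version falls outside the documented requirement.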
@@ -397,6 +524,158 @@ pod_security_policy_review: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -434,6 +713,14 @@ pod_security_policy_review: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -485,6 +772,493 @@ pod_security_policy_review: it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. 
+ type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to an update), the system may or may + not try to eventually evict the pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. 
The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is + the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. 
+ type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. 
For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system will try to eventually evict the pod + from its node. When there are multiple elements, the lists + of nodes corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot currently @@ -556,11 +1330,17 @@ pod_security_policy_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -589,8 +1369,7 @@ pod_security_policy_review: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -609,6 +1388,53 @@ pod_security_policy_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -685,8 +1511,7 @@ pod_security_policy_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
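Review bot: in the last hunk above, the port field is still described as "Name or number of the port to access on the container" while its type changes from `complex` with `contains: {}` to `str`. State in the description whether a numeric port is returned as a string, so that playbooks comparing the value against an integer know what to expect.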
@@ -698,13 +1523,17 @@ pod_security_policy_review: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is terminated. @@ -767,8 +1596,7 @@ pod_security_policy_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -780,13 +1608,17 @@ pod_security_policy_review: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be restarted @@ -850,8 +1682,7 @@ pod_security_policy_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
@@ -879,13 +1710,17 @@ pod_security_policy_review: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -997,8 +1832,7 @@ pod_security_policy_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1026,13 +1860,17 @@ pod_security_policy_review: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -1048,7 +1886,7 @@ pod_security_policy_review: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -1056,10 +1894,10 @@ pod_security_policy_review: to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
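Review bot: in the last hunk above, the `security_context` description becomes 'Security options the pod should run with. More info:' and then stops, so the generated documentation ends on a dangling "More info:" with no link. Either restore the URL that belongs after it or drop the trailing phrase. The same hunk changes `requests` from `contains: str, ResourceQuantity` to `contains: str, str`; a short remark on the expected quantity string format would help now that the type name no longer conveys it.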
@@ -1160,7 +1998,20 @@ pod_security_policy_review: \ termination message will be written is mounted into the\ \ container's filesystem. Message written is intended to be\ \ brief final status, such as an assertion failure message.\ - \ Defaults to /dev/termination-log. Cannot be updated." + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: str tty: description: @@ -1200,9 +2051,27 @@ pod_security_policy_review: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have + DNS options set along with hostNetwork, you have to specify DNS + policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be + injected into the pod's hosts file if specified. This is only + valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
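Review bot: in `host_aliases`, the `hostnames` description reads "Hostnames for the above IP address.", but `ip` is listed after `hostnames` in this block, so "above" refers to nothing the reader has seen yet. Reword it to refer to the `ip` field by name. The `dns_policy` text in the same hunk also mixes quoting styles ('ClusterFirst' and "ClusterFirst"); pick one.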
@@ -1235,6 +2104,805 @@ pod_security_policy_review: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init containers + are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and + is handled according to its restartPolicy. The name for an init + container or normal container must be unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container + are taken into account during scheduling by finding the highest + request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are + applied to init containers in a similar fashion. Init containers + cannot currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is used\ + \ if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a variable\ + \ cannot be resolved, the reference in the input string will\ + \ be unchanged. The $(VAR_NAME) syntax can be escaped with\ + \ a double $$, ie: $$(VAR_NAME). Escaped references will never\ + \ be expanded, regardless of whether the variable exists or\ + \ not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided. Variable\ + \ references $(VAR_NAME) are expanded using the container's\ + \ environment. If a variable cannot be resolved, the reference\ + \ in the input string will be unchanged. The $(VAR_NAME) syntax\ + \ can be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. 
Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. Cannot + be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using the + previous defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot be + used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API + version. + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' 
+ type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must be + a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. 
Defaults + to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container is created. + If the handler fails, the container is terminated and + restarted according to its restart policy. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is terminated. + The container is terminated after the handler completes. + The reason for termination is passed to the handler. Regardless + of the outcome of the handler, the container is eventually + terminated. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be restarted + if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be updated. 
+ type: str + ports: + description: + - List of ports to expose from the container. Exposing a port + here gives the system additional information about the network + connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from + being exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible from + the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. This + must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, this + must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have a unique + name. Name for the port that can be referred to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container will + be removed from service endpoints if the probe fails. Cannot + be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. 
Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. 
Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to + an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. + Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. + type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, + no such validation will be performed. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. If + unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the container. + type: str + role: + description: + - Role is a SELinux role label that applies to the container. + type: str + type: + description: + - Type is a SELinux type label that applies to the container. + type: str + user: + description: + - User is a SELinux user label that applies to the container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from stdin + in the container will always result in EOF. Default is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. When stdin is + true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client attaches + to stdin, and then remains open and accepts data until the + client disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag is false, + a container processes that reads from stdin will never receive + an EOF. 
Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into the\ + \ container's filesystem. Message written is intended to be\ + \ brief final status, such as an assertion failure message.\ + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, also + requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. Cannot + be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should be + mounted. Must not contain ':'. + type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's volume + should be mounted. Defaults to "" (volume's root). + type: str + working_dir: + description: + - Container's working directory. 
If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific node. @@ -1253,6 +2921,11 @@ pod_security_policy_review: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
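Review bot: the `init_containers` block added by the @@ -1235,6 +2104,805 @@ hunk contradicts itself. Its description says "Init containers may not have Lifecycle actions, Readiness probes, or Liveness probes", yet the block goes on to document `lifecycle`, `liveness_probe` and `readiness_probe` sub-fields in full. Mark those sub-fields as not applicable to init containers or drop them from this block. Two smaller points in the same block: under `readiness_probe`, `initial_delay_seconds` and `success_threshold` still talk about liveness ("before liveness probes are initiated", "Must be 1 for liveness"), and the top-level description has a doubled word in "the max of of that value".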
@@ -1349,6 +3022,46 @@ pod_security_policy_review: longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means match + all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. Valid + operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it is not set, which + means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by + the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If the + operator is Exists, the value should be empty, otherwise just + a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging to 
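Review bot: the `key` and `operator` descriptions in `tolerations` interact in a way the text does not spell out. `operator` "Defaults to Equal", but `key` says "If the key is empty, operator must be Exists", so leaving both unset is not a valid combination. State that under `operator` as well. Since an empty `key` with Exists is described as "match all values and all keys", and an empty `effect` as "match all taint effects", it is worth one sentence saying that this combination tolerates every taint, so a reader does not set it by accident.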
@@ -1412,6 +3125,13 @@ pod_security_policy_review: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed availability + set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will force @@ -1521,9 +3241,9 @@ pod_security_policy_review: the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in - the ConfigMap, the volume setup will error. Paths must - be relative and may not contain the '..' path or start - with '..'. + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. type: list contains: key: @@ -1549,6 +3269,10 @@ pod_security_policy_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that should @@ -1617,8 +3341,7 @@ pod_security_policy_review: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
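Review bot: the `kind` description added in the @@ -1412,6 +3125,13 @@ hunk runs its three values together with no separators ("Expected values Shared: mulitple blob disks per storage account Dedicated: single blob disk per storage account Managed: ...") and misspells "multiple". Separate the values with punctuation, and make the casing of the default consistent: the text lists "Shared" but ends with "defaults to shared". The `optional` description added in the @@ -1549,6 +3269,10 @@ hunk has "it's keys" where "its keys" is meant.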
@@ -1635,6 +3358,15 @@ pod_security_policy_review: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified here and + the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached to @@ -1809,6 +3541,14 @@ pod_security_policy_review: a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -1829,11 +3569,27 @@ pod_security_policy_review: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or + ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port 
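Review bot: the iSCSI additions do not explain how the new fields relate to each other. `secret_ref` is described only as "CHAP secret for iSCSI target and initiator authentication" and documents just `name`, while `chap_auth_discovery` and `chap_auth_session` are described as "whether support iSCSI Discovery CHAP authentication" and "whether support iSCSI Session CHAP authentication", which is hard to parse. Reword the two booleans as complete sentences and say in `secret_ref` that it is the secret used when they are enabled. The new `portals` list also repeats the `target_portal` wording without saying whether it replaces or supplements that field.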
@@ -1895,6 +3651,209 @@ pod_security_policy_review: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted + on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and downward + API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must be + a value between 0 and 0777. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. 
+ type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must + be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only + annotations, labels, name and namespace are + supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not be absolute\ + \ or contain the '..' path. Must be utf-8\ + \ encoded. 
The first item of the relative\ + \ path must not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only + resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the Secret, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must be + defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
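Review bot: `default_mode` and the per-item `mode` under `projected.sources` are documented as `type: int` with the range "between 0 and 0777", which leaves it unclear whether the value is the octal literal or its decimal equivalent (0777 octal is 511 decimal). These bits decide who can read projected Secret files, so the description should state the base explicitly. Also, `config_map.optional` reads "the ConfigMap or it's keys" while `secret.optional` in the same hunk reads "the Secret or its key"; use "its" in both and align singular and plural.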
@@ -1977,6 +3936,67 @@ pod_security_policy_review: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and + mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage + (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and + other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick + or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
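Review bot: `ssl_enabled` is documented only as "default false", next to a `secret_ref` that holds the "ScaleIO user and other sensitive information"; the description should say what that default means, namely that communication with the ScaleIO API Gateway named in `gateway` is not SSL-protected unless the flag is set to true. Minor wording: "SecretRef references to the secret" should read "SecretRef references the secret".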
@@ -1999,8 +4019,9 @@ pod_security_policy_review: If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, - the volume setup will error. Paths must be relative and - may not contain the '..' path or start with '..'. + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. type: list contains: key: 
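Review bot: the new wording "unless it is marked optional" points at a field that this hunk neither adds nor names; `optional` only appears in the following hunk (@@ -2022,10 +4043,58 @@). Name the field in the sentence so the `items` description can be read on its own.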
@@ -2022,10 +4043,58 @@ pod_security_policy_review: not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the + StorageOS API credentials. If not specified, default values + will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within + StorageOS. If no namespace is specified then the Pod's + namespace will be used. This allows the Kubernetes name + scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and mounted 
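Review bot: the `storageos.secret_ref` description says "If not specified, default values will be attempted" without saying what those defaults are; a silent fallback to default StorageOS API credentials should be spelled out so that users know to reference a secret explicitly. In the same hunk, `optional` is described as "Specify whether the Secret or it's keys must be defined", which reads as the opposite of the field name; change "it's" to "its" and state which boolean value permits a missing Secret.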
@@ -2038,6 +4107,15 @@ pod_security_policy_review: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk 
@@ -2201,6 +4279,162 @@ pod_security_policy_review: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system + invariant at object creation time. This field is a list of + initializers that have not yet acted on this object. If nil + or empty, this object has been completely initialized. Otherwise, + the object is considered uninitialized and is hidden (in list/watch + and get calls) from clients that haven't explicitly asked + to observe uninitialized objects. When an object is created, + the system will populate this list with the current set of + initializers. Only privileged users may set or modify this + list. Once it is empty, it may not be modified further by + any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in + order before this object is visible. When the last pending + initializer is removed, and no failing result is set, + the initializers struct will be set to nil and the object + is considered as initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will + be persisted to storage and then deleted, ensuring that + other clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not + set. + type: int + details: + description: + - Extended data associated with the reason. 
Each reason + may define its own extended details. This field is + optional and the data returned is not guaranteed to + conform to any schema except that defined by the reason + type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused + this error, as named by its JSON serialization. + May include dot and postfix notation for nested + attributes. Arrays are zero-indexed. Fields + may appear more than once in an array of causes + due to fields having multiple errors. Optional. + Examples: "name" - the field "name" on the + current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause + of the error. This field may be presented + as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause + of the error. If this value is empty there + is no information available. + type: str + group: + description: + - The group attribute of the resource associated + with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated + with the status StatusReason. On some operations + may differ from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated + with the status StatusReason (when there is a + single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). 
+ type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. Servers may infer this from + the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this + operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to + determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified + back to the server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation + is in the "Failure" status. If this value is empty + there is no information available. A Reason clarifies + an HTTP status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize @@ -2239,6 +4473,15 @@ pod_security_policy_review: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. Defaults to false. + To set this field, a user needs "delete" permission of + the owner, otherwise 422 (Unprocessable Entity) will be + returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -2291,6 +4534,510 @@ pod_security_policy_review: try to mark it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by + this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies + to. + type: str + operator: + description: + - Represents a key's relationship to a set + of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must + be non-empty. If the operator is Exists + or DoesNotExist, the values array must + be empty. If the operator is Gt or Lt, + the values array must have a single element, + which will be interpreted as an integer. 
+ This array is replaced during a strategic + merge patch. + type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the + system may or may not try to eventually evict the + pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies + to. + type: str + operator: + description: + - Represents a key's relationship to a set + of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must + be non-empty. If the operator is Exists + or DoesNotExist, the values array must + be empty. If the operator is Gt or Lt, + the values array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by + this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) with the + highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with + the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in + this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the + labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + For PreferredDuringScheduling pod anti-affinity, + empty topologyKey is interpreted as "all topologies" + ("all topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not + allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it + is implemented. If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system will try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must + be satisfied. 
RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field + are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid + putting this pod in the same node, zone, etc. as some + other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by + iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches + the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. 
A pod affinity term, associated with + the corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in + this case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators + ard In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the + labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or + not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. 
+ For PreferredDuringScheduling pod anti-affinity, + empty topologyKey is interpreted as "all topologies" + ("all topologies" here means all the topologyKeys + indicated by scheduler command-line argument + --failure-domains); for affinity and for RequiredDuringScheduling + pod anti-affinity, empty topologyKey is not + allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it + is implemented. If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this + field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system will + try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this + field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot @@ -2364,11 +5111,17 @@ pod_security_policy_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key + must be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -2398,8 +5151,7 @@ pod_security_policy_review: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
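Review bot: in the `pod_affinity` and `pod_anti_affinity` entries of the affinity hunk (@@ -2291,6 +4534,510 @@), the `required_during_scheduling_ignored_during_execution` description opens with "NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented" and embeds a Go declaration for a different field, `RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm`, ahead of the text that actually describes this field. Drop everything up to and including that declaration, so that only the "may or may not try to eventually evict the pod" paragraph remains. In the same hunk, the label-selector `operator` descriptions have "ard" for "are", and the new `automount_service_account_token` entry does not say what happens when the field is unset.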
@@ -2418,6 +5170,53 @@ pod_security_policy_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must + be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the + container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an + event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the + ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -2496,8 +5295,7 @@ pod_security_policy_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. 
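Review bot: in the env_from hunk (@@ -2418,6 +5170,53 @@) the optional descriptions under config_map_ref and secret_ref ("Specify whether the ConfigMap must be defined", "Specify whether the Secret must be defined") give no default and do not say what happens to the container when the referent is missing and optional is false. Since secret_ref places every key of a Secret into the environment, that is the behaviour a reader most needs documented here. Two spelling fixes in the same hunk: "it's key" should be "its key", and "identifer" in the prefix description should be "identifier".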
@@ -2509,13 +5307,17 @@ pod_security_policy_review: port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is @@ -2579,8 +5381,7 @@ pod_security_policy_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. @@ -2592,13 +5393,17 @@ pod_security_policy_review: port. TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be @@ -2663,8 +5468,7 @@ pod_security_policy_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
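Review bot: port is described as "Name or number of the port to access on the container", but this hunk (@@ -2663,8 +5468,7 @@), like the other http_get and tcp_socket hunks in the patch, changes its type from complex to str, which does not cover the numeric case the description still allows. Say in the description how a numeric port is represented in the returned value, so a caller comparing it against an int is not surprised.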
@@ -2692,13 +5496,17 @@ pod_security_policy_review: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. @@ -2814,8 +5622,7 @@ pod_security_policy_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -2843,13 +5650,17 @@ pod_security_policy_review: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. @@ -2866,7 +5677,7 @@ pod_security_policy_review: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -2874,10 +5685,10 @@ pod_security_policy_review: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
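Review bot: the new security_context description in the last hunk (@@ -2874,10 +5685,10 @@) ends with a dangling "More info:" and no link or text after it. Either restore the reference that should follow or keep the previous wording, "Security options the pod should run with." The same truncated sentence is repeated in the security_context block added under init_containers later in the patch, so fix both together.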
@@ -2983,8 +5794,21 @@ pod_security_policy_review: \ termination message will be written is mounted into\ \ the container's filesystem. Message written is intended\ \ to be brief final status, such as an assertion failure\ - \ message. Defaults to /dev/termination-log. Cannot be\ - \ updated." + \ message. Will be truncated by the node if greater than\ + \ 4096 bytes. The total message length across all containers\ + \ will be limited to 12kb. Defaults to /dev/termination-log.\ + \ Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to + populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. type: str tty: description: 
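Review bot: the limits in this hunk are written in three different styles: "4096 bytes" and "12kb" in termination_message_path, and "2048 bytes or 80 lines" in termination_message_policy. "12kb" is ambiguous next to the byte counts; write it in bytes, or as an unambiguous unit, so the per-container and total limits can be compared directly.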
@@ -3025,9 +5849,27 @@ pod_security_policy_review: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To + have DNS options set along with hostNetwork, you have to specify + DNS policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will + be injected into the pod's hosts file if specified. This is + only valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
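Review bot: in host_aliases the hostnames description says "Hostnames for the above IP address", but in this layout ip is listed after hostnames, so "above" points at nothing. Reword it to refer to the field by name, for example "Hostnames for the address given in ip". The host_aliases description also says it is "only valid for non-hostNetwork pods" without saying what happens when it is set on a hostNetwork pod; a short statement of that (ignored or rejected) would help.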
@@ -3061,6 +5903,825 @@ pod_security_policy_review: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init + containers are executed in order prior to containers being + started. If any init container fails, the pod is considered + to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be + unique among all containers. Init containers may not have + Lifecycle actions, Readiness probes, or Liveness probes. The + resourceRequirements of an init container are taken into account + during scheduling by finding the highest request/limit for + each resource type, and then using the max of of that value + or the sum of the normal containers. Limits are applied to + init containers in a similar fashion. Init containers cannot + currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is\ + \ used if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a\ + \ variable cannot be resolved, the reference in the input\ + \ string will be unchanged. The $(VAR_NAME) syntax can\ + \ be escaped with a double $$, ie: $$(VAR_NAME). Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided.\ + \ Variable references $(VAR_NAME) are expanded using the\ + \ container's environment. If a variable cannot be resolved,\ + \ the reference in the input string will be unchanged.\ + \ The $(VAR_NAME) syntax can be escaped with a double\ + \ $$, ie: $$(VAR_NAME). 
Escaped references will never\ + \ be expanded, regardless of whether the variable exists\ + \ or not. Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. + Cannot be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using + the previous defined environment variables in the + container and any service environment variables. If + a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot + be used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key + must be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. 
+ type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently + supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must + be a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must + be defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the + container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an + event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env + with a duplicate key will take precedence. Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the + ConfigMap. Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container + is created. If the handler fails, the container is + terminated and restarted according to its restart + policy. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run + inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP + allows repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is + terminated. The container is terminated after the + handler completes. The reason for termination is passed + to the handler. Regardless of the outcome of the handler, + the container is eventually terminated. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run + inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP + allows repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. + Defaults to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults + to the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the + container. Number must be in the range 1 to + 65535. Name must be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be + restarted if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. 
+ type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started + before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be + updated. + type: str + ports: + description: + - List of ports to expose from the container. Exposing a + port here gives the system additional information about + the network connections a container uses, but is primarily + informational. Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which is listening + on the default "0.0.0.0" address inside a container will + be accessible from the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If + HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have + a unique name. Name for the port that can be referred + to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to + "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. + Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. 
+ type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started + before liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults + to 1. Must be 1 for liveness. 
Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be + updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted + by the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the + host. Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. 
+ type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image + at runtime to ensure that it does not run as UID 0 + (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate + a random SELinux context for each container. May also + be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the + container. + type: str + role: + description: + - Role is a SELinux role label that applies to the + container. + type: str + type: + description: + - Type is a SELinux type label that applies to the + container. + type: str + user: + description: + - User is a SELinux user label that applies to the + container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default + is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. 
When stdin + is true the stdin stream will remain open across multiple + attach sessions. If stdinOnce is set to true, stdin is + opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If + this flag is false, a container processes that reads from + stdin will never receive an EOF. Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into\ + \ the container's filesystem. Message written is intended\ + \ to be brief final status, such as an assertion failure\ + \ message. Will be truncated by the node if greater than\ + \ 4096 bytes. The total message length across all containers\ + \ will be limited to 12kb. Defaults to /dev/termination-log.\ + \ Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to + populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, + also requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. + Cannot be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should + be mounted. Must not contain ':'. 
+ type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's + root). + type: str + working_dir: + description: + - Container's working directory. If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific @@ -3079,6 +6740,11 @@ pod_security_policy_review: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
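Review bot: the init_containers hunk (@@ -3061,6 +5903,825 @@) contradicts itself: its description says "Init containers may not have Lifecycle actions, Readiness probes, or Liveness probes", yet the same hunk documents lifecycle, liveness_probe and readiness_probe as fields under init_containers. Either drop those sub-fields from the init_containers documentation or note in their descriptions that they are not allowed for init containers. Two smaller points in the same hunk: readiness_probe.initial_delay_seconds says "before liveness probes are initiated" where it should refer to readiness probes, and the description contains a doubled word in "the max of of that value".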
@@ -3177,6 +6843,46 @@ pod_security_policy_review: Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means + match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a + pod can tolerate all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If + the operator is Exists, the value should be empty, otherwise + just a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging 
@@ -3241,6 +6947,13 @@ pod_security_policy_review: "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will @@ -3353,8 +7066,9 @@ pod_security_policy_review: projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will - error. Paths must be relative and may not contain - the '..' path or start with '..'. + error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start + with '..'. type: list contains: key: @@ -3381,6 +7095,11 @@ pod_security_policy_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be + defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that @@ -3451,8 +7170,7 @@ pod_security_policy_review: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
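Review bot: in the last hunk on this line (-3451,8 +7170,7), `divisor` goes from `type: complex` with `contains: {}` to `type: str`, which changes the documented return type for anyone consuming the registered result. The `divisor` under `projected` added later in this patch is also `str`, so the two agree; please confirm the value really comes back as a plain string with the kubernetes 3.0.0 client named in the requirements, and mention the type change in the commit message.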
@@ -3469,6 +7187,16 @@ pod_security_policy_review: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir + would be the minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. The default is nil which means that the + limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached @@ -3646,6 +7374,14 @@ pod_security_policy_review: to a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -3666,11 +7402,27 @@ pod_security_policy_review: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an + IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or 
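Review bot: the added iSCSI `secret_ref` (hunk -3666,11 +7402,27) says only "CHAP secret for iSCSI target and initiator authentication" and never ties itself to `chap_auth_discovery` and `chap_auth_session` added in the preceding hunk, so a reader cannot tell what it means for either flag to be true while `secret_ref` is absent. Please cross-reference the three fields. The new `portals` list has the same gap against the existing `target_portal`: both carry the "either an IP or ip_addr:port" wording, but nothing says whether `portals` supplements or replaces `target_portal`.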
@@ -3734,6 +7486,217 @@ pod_security_policy_review: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and + mounted on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to + be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and + downward API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must + be a value between 0 and 0777. Directories within + the path are not affected by this setting. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the + Data field of the referenced ConfigMap will + be projected into the volume as a file whose + name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, the + volume setup will error unless it is marked + optional. Paths must be relative and may not + contain the '..' path or start with '..'. 
+ type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the + key to. May not be an absolute path. May + not contain the path element '..'. May + not start with the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys + must be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: + only annotations, labels, name and namespace + are supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath + is written in terms of, defaults to + "v1". + type: str + field_path: + description: + - Path of the field to select in the + specified API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not\ + \ be absolute or contain the '..' path.\ + \ Must be utf-8 encoded. 
The first item\ + \ of the relative path must not start\ + \ with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the + exposed resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the + Data field of the referenced Secret will be + projected into the volume as a file whose + name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If + not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the + key to. May not be an absolute path. May + not contain the path element '..'. May + not start with the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must + be defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
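Review bot: `default_mode` and the per-item `mode` fields in the `projected` block are `type: int`, but their range is given in octal ("a value between 0 and 0777"), so the description does not tell a reader how the value is represented in the returned data. Please state the representation (for example that 0644 is reported as decimal 420, if that is what the client returns); these bits decide who can read projected Secret files, and someone comparing the returned number against an expected octal mode will otherwise misjudge it. Minor: this hunk has "the ConfigMap or it's keys" next to "the Secret or its key"; pick one wording, with "its".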
@@ -3817,6 +7780,68 @@ pod_security_policy_review: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type + supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured + storage (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user + and other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should + be thick or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
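Review bot: `ssl_enabled` is documented as "default false" while `secret_ref` in the same `scale_io` block references "the secret for ScaleIO user and other sensitive information" needed for the Login operation, so the description should say plainly that leaving `ssl_enabled` unset means communication with the Gateway is not over SSL. A reader checking a returned volume definition then knows to flag `ssl_enabled: false` or a missing value. Style: defaults in this block are written three ways (`(defaults to "default")`, `default false`, `Defaults to false (read/write)`); one form would read better.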
@@ -3839,9 +7864,9 @@ pod_security_policy_review: is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is - not present in the Secret, the volume setup will error. - Paths must be relative and may not contain the '..' - path or start with '..'. + not present in the Secret, the volume setup will error + unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. type: list contains: key: 
@@ -3864,10 +7889,60 @@ pod_security_policy_review: path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type + supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then + the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name + to override the default behaviour. Set to "default" + if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and 
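Review bot: `storageos.secret_ref` says "If not specified, default values will be attempted" without saying what those defaults are, so the description hides the fact that an unset `secret_ref` means the StorageOS API credentials fall back to defaults. Please name the defaults or point to where they are defined. `volume_namespace` has a similar gap: "Namespaces that do not pre-exist within StorageOS will be created" is a side effect that deserves to lead the description rather than close it. Typo in the added `optional` text: "it's keys" should be "its keys".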
@@ -3881,6 +7956,15 @@ pod_security_policy_review: "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk diff --git a/library/openshift_v1_pod_security_policy_self_subject_review.py b/library/openshift_v1_pod_security_policy_self_subject_review.py index a350fd7d..ad519937 100644 --- a/library/openshift_v1_pod_security_policy_self_subject_review.py +++ b/library/openshift_v1_pod_security_policy_self_subject_review.py 
@@ -79,6 +79,98 @@ options: aliases: - active_deadline_seconds type: int + spec_template_spec_affinity_node_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_node_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms: + description: + - Required. A list of node selector terms. The terms are ORed. + aliases: + - affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms + type: list + spec_template_spec_affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. 
+ aliases: + - affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' + aliases: + - affinity_pod_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the anti-affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' 
+ aliases: + - affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account token should + be automatically mounted. + aliases: + - automount_service_account_token + type: bool spec_template_spec_containers: description: - List of containers belonging to the pod. Containers cannot currently be added @@ -88,10 +180,18 @@ options: type: list spec_template_spec_dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' or 'Default'. - Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have DNS options + set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. aliases: - dns_policy + spec_template_spec_host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be injected into + the pod's hosts file if specified. This is only valid for non-hostNetwork pods. + aliases: + - host_aliases + type: list spec_template_spec_host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
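Review bot: in the options hunk that ends on this line (-79,6 +79,98), the descriptions of `spec_template_spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution` and its anti-affinity counterpart open with "NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented" and embed a Go declaration for a different field (`RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm`), so the user-facing text says the option is unimplemented and then contradicts itself ("will try to eventually evict" followed by "may or may not try to eventually evict"). Only the second half, from the second "If the affinity requirements specified by this field are not met at scheduling time", describes the IgnoredDuringExecution option being documented; please drop everything before it in both descriptions. The same text is repeated in the return-value documentation later in the patch and needs the same trim.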
@@ -127,6 +227,21 @@ options: aliases: - image_pull_secrets type: list + spec_template_spec_init_containers: + description: + - List of initialization containers belonging to the pod. Init containers are + executed in order prior to containers being started. If any init container fails, + the pod is considered to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be unique among all + containers. Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container are taken + into account during scheduling by finding the highest request/limit for each + resource type, and then using the max of of that value or the sum of the normal + containers. Limits are applied to init containers in a similar fashion. Init + containers cannot currently be added or removed. Cannot be updated. + aliases: + - init_containers + type: list spec_template_spec_node_name: description: - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, @@ -148,6 +263,12 @@ options: Never. Default to Always. aliases: - restart_policy + spec_template_spec_scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. If not specified, + the pod will be dispatched by default scheduler. + aliases: + - scheduler_name spec_template_spec_security_context_fs_group: description: - "A special supplemental group that applies to all containers in a pod. Some\ @@ -236,6 +357,12 @@ options: aliases: - termination_grace_period_seconds type: int + spec_template_spec_tolerations: + description: + - If specified, the pod's tolerations. + aliases: + - tolerations + type: list spec_template_spec_volumes: description: - List of volumes that can be mounted by containers belonging to the pod. 
@@ -254,7 +381,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
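Review bot: the requirement moves from `openshift == 1.0.0-snapshot` to `openshift == 0.3.1`, which reads as a downgrade, and nothing in the visible change explains the renumbering. Please say in the commit message that 0.3.1 is the newer client and which `kubernetes` release it pairs with (the k8s module earlier in this patch is bumped to `kubernetes == 3.0.0`), so users installing by these strings get a matching pair. Both requirements are exact `==` pins, so every client release will need this line regenerated; if that is intended, a short comment saying so would help.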
@@ -376,6 +503,158 @@ pod_security_policy_self_subject_review: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. 
Each reason + may define its own extended details. This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). 
+ type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -413,6 +692,14 @@ pod_security_policy_self_subject_review: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -464,6 +751,493 @@ pod_security_policy_self_subject_review: it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. 
+ type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to an update), the system may or may + not try to eventually evict the pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. 
The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is + the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. 
+ type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. 
For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system will try to eventually evict the pod + from its node. When there are multiple elements, the lists + of nodes corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot currently @@ -535,11 +1309,17 @@ pod_security_policy_self_subject_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -568,8 +1348,7 @@ pod_security_policy_self_subject_review: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
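Review bot: in the @@ -464,6 +751,493 @@ hunk, the description of `required_during_scheduling_ignored_during_execution` under both `pod_affinity` and `pod_anti_affinity` opens with 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented.' and embeds the Go declaration `RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm`, so a module user is told the field is unimplemented and then reads two contradictory eviction statements ("the system will try to eventually evict" and "may or may not try to eventually evict"). Keep only the second paragraph, the one that ends with "may or may not try to eventually evict the pod from its node", plus the sentence about multiple elements. Smaller points in the same hunk: "Valid operators ard In" should read "are", and "DoesNotExist. Gt, and Lt." needs a comma after DoesNotExist. The new `automount_service_account_token` description gives no default, which is worth stating because the field decides whether a service account token is mounted into the pod.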
@@ -588,6 +1367,53 @@ pod_security_policy_self_subject_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -664,8 +1490,7 @@ pod_security_policy_self_subject_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
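Review bot: two spelling errors in the added text of the @@ -588,6 +1367,53 @@ hunk: "Specify whether the Secret or it's key must be defined" should use "its", and "An optional identifer to prepend" should read "identifier". The `optional` descriptions under `config_map_ref` and `secret_ref` also do not say what happens when the referent is absent and `optional` is left unset; one sentence on the default would close that gap.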
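Review bot: in the @@ -664,8 +1490,7 @@ hunk, `port` becomes `type: str` while its description still says "Name or number of the port ... Number must be in the range 1 to 65535", so the documented type no longer covers the numeric form. State that a numeric port is passed as a string, or document both accepted forms. The same replacement recurs in the later `http_get` and `tcp_socket` hunks and should be worded identically there.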
@@ -677,13 +1502,17 @@ pod_security_policy_self_subject_review: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is terminated. @@ -746,8 +1575,7 @@ pod_security_policy_self_subject_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -759,13 +1587,17 @@ pod_security_policy_self_subject_review: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be restarted @@ -829,8 +1661,7 @@ pod_security_policy_self_subject_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
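Review bot: the `host` field added under `tcp_socket` in the @@ -677,13 +1502,17 @@ and @@ -759,13 +1587,17 @@ hunks sits beneath a parent description that still reads "TCP hooks not yet supported", so it is unclear whether setting `host` on a lifecycle handler has any effect. Either say in the `host` description that it is ignored until TCP hooks are supported, or update the parent description if that statement is out of date.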
@@ -858,13 +1689,17 @@ pod_security_policy_self_subject_review: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -976,8 +1811,7 @@ pod_security_policy_self_subject_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1005,13 +1839,17 @@ pod_security_policy_self_subject_review: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -1027,7 +1865,7 @@ pod_security_policy_self_subject_review: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -1035,10 +1873,10 @@ pod_security_policy_self_subject_review: to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
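Review bot: the new `security_context` description in the @@ -1035,10 +1873,10 @@ hunk ends with "More info:" and nothing after it, so the reference it promises is missing. Restore the link target or drop the trailing "More info:". In the same hunk and the one before it, `contains: str, ResourceQuantity` becomes `contains: str, str`; the `limits` and `requests` descriptions should then say what quantity format the string value takes.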
@@ -1139,7 +1977,20 @@ pod_security_policy_self_subject_review: \ termination message will be written is mounted into the\ \ container's filesystem. Message written is intended to be\ \ brief final status, such as an assertion failure message.\ - \ Defaults to /dev/termination-log. Cannot be updated." + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: str tty: description: 
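Review bot: the size limits added in the @@ -1139,7 +1977,20 @@ hunk mix units: "4096 bytes" and "2048 bytes" sit next to "12kb", which can be read as kilobits or kilobytes. Give the total limit in bytes as well. The `termination_message_policy` description should also note that FallbackToLogsOnError copies container log output into the container status message, so anything sensitive a container logs on failure becomes visible to whoever can read pod status. Its two values, File and FallbackToLogsOnError, would read more clearly quoted as literals.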
@@ -1179,9 +2030,27 @@ pod_security_policy_self_subject_review: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have + DNS options set along with hostNetwork, you have to specify DNS + policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be + injected into the pod's hosts file if specified. This is only + valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
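Review bot: in the @@ -1179,9 +2030,27 @@ hunk, the `hostnames` description says "Hostnames for the above IP address", but `ip` is listed after `hostnames` here, so "above" points at nothing. Reword it to "Hostnames for the IP address given in ip". The `dns_policy` text also mixes quoting styles ('ClusterFirst' and "ClusterFirst" in the same sentence), and "specify DNS policy explicitly to 'ClusterFirstWithHostNet'" should read "set DNS policy explicitly to 'ClusterFirstWithHostNet'".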
@@ -1214,6 +2083,805 @@ pod_security_policy_self_subject_review: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init containers + are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and + is handled according to its restartPolicy. The name for an init + container or normal container must be unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container + are taken into account during scheduling by finding the highest + request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are + applied to init containers in a similar fashion. Init containers + cannot currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is used\ + \ if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a variable\ + \ cannot be resolved, the reference in the input string will\ + \ be unchanged. The $(VAR_NAME) syntax can be escaped with\ + \ a double $$, ie: $$(VAR_NAME). Escaped references will never\ + \ be expanded, regardless of whether the variable exists or\ + \ not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided. Variable\ + \ references $(VAR_NAME) are expanded using the container's\ + \ environment. If a variable cannot be resolved, the reference\ + \ in the input string will be unchanged. The $(VAR_NAME) syntax\ + \ can be escaped with a double $$, ie: $$(VAR_NAME). 
Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. Cannot + be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using the + previous defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot be + used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API + version. 
+ type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must be + a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. Defaults + to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container is created. + If the handler fails, the container is terminated and + restarted according to its restart policy. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is terminated. + The container is terminated after the handler completes. + The reason for termination is passed to the handler. Regardless + of the outcome of the handler, the container is eventually + terminated. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be restarted + if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. 
+ type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: str + ports: + description: + - List of ports to expose from the container. Exposing a port + here gives the system additional information about the network + connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from + being exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible from + the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. This + must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, this + must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have a unique + name. Name for the port that can be referred to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container will + be removed from service endpoints if the probe fails. Cannot + be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. 
+ type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. 
Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to + an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. + Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. 
+ type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, + no such validation will be performed. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. If + unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the container. + type: str + role: + description: + - Role is a SELinux role label that applies to the container. + type: str + type: + description: + - Type is a SELinux type label that applies to the container. + type: str + user: + description: + - User is a SELinux user label that applies to the container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from stdin + in the container will always result in EOF. Default is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. 
When stdin is + true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client attaches + to stdin, and then remains open and accepts data until the + client disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag is false, + a container processes that reads from stdin will never receive + an EOF. Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into the\ + \ container's filesystem. Message written is intended to be\ + \ brief final status, such as an assertion failure message.\ + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, also + requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. Cannot + be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should be + mounted. Must not contain ':'. 
+ type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's volume + should be mounted. Defaults to "" (volume's root). + type: str + working_dir: + description: + - Container's working directory. If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific node. @@ -1232,6 +2900,11 @@ pod_security_policy_self_subject_review: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
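Review bot: under readiness_probe in the added container fields, initial_delay_seconds is described as "before liveness probes are initiated" and success_threshold as "Must be 1 for liveness", and the tcp_socket entries of both probes say "TCP hooks not yet supported". That wording reads as text written for the liveness probe and the lifecycle hooks, and it misleads someone configuring a readiness probe, so reword each description for the field it sits under. In the same block the container security_context description ends at "More info:" with nothing after it; supply the reference or drop the dangling phrase.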
@@ -1328,6 +3001,46 @@ pod_security_policy_self_subject_review: longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means match + all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. Valid + operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it is not set, which + means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by + the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If the + operator is Exists, the value should be empty, otherwise just + a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging to 
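Review bot: in the tolerations block the wildcard behaviour is only visible by combining three field descriptions: key says an empty key with operator Exists "means to match all values and all keys", and effect says empty "means match all taint effects". A toleration written that way tolerates every taint, which is worth one explicit sentence in the top-level tolerations description instead of "If specified, the pod's tolerations." The value description ("otherwise just a regular string") should also say that it is the string matched against the taint value when operator is Equal.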
@@ -1391,6 +3104,13 @@ pod_security_policy_self_subject_review: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed availability + set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will force @@ -1500,9 +3220,9 @@ pod_security_policy_self_subject_review: the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in - the ConfigMap, the volume setup will error. Paths must - be relative and may not contain the '..' path or start - with '..'. + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. type: list contains: key: @@ -1528,6 +3248,10 @@ pod_security_policy_self_subject_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that should @@ -1596,8 +3320,7 @@ pod_security_policy_self_subject_review: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
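Review bot: the kind description added in the @@ -1391,6 +3104,13 @@ hunk misspells "mulitple" and folds the three accepted values (Shared, Dedicated, Managed) and their meanings into one unpunctuated sentence, then gives the default as "shared" in lower case while the values are capitalised. Put each value and its meaning on its own line and write the default with the same spelling as the value.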
@@ -1614,6 +3337,15 @@ pod_security_policy_self_subject_review: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified here and + the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached to @@ -1788,6 +3520,14 @@ pod_security_policy_self_subject_review: a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -1808,11 +3548,27 @@ pod_security_policy_self_subject_review: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or + ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port 
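Review bot: in the iSCSI hunks, portals is added beside the existing target_portal without saying how the two relate (whether portals replaces target_portal or lists additional portals for the same target), and secret_ref is documented only as "CHAP secret for iSCSI target and initiator authentication" with no statement of whether it is required when chap_auth_discovery or chap_auth_session is true. The two flag descriptions ("whether support iSCSI Discovery CHAP authentication") are also ungrammatical and give no default. Please state the relationship between the portal fields, the default of each flag, and what happens when a flag is true and secret_ref is absent.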
@@ -1874,6 +3630,209 @@ pod_security_policy_self_subject_review: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted + on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and downward + API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must be + a value between 0 and 0777. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. 
+ type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must + be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only + annotations, labels, name and namespace are + supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not be absolute\ + \ or contain the '..' path. Must be utf-8\ + \ encoded. 
The first item of the relative\ + \ path must not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only + resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the Secret, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must be + defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
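Review bot: in the projected hunk, default_mode and each items mode are documented as "a value between 0 and 0777" with "type: int", which leaves open whether the integer is read as octal or decimal. A reader who supplies 644 or 600 as a plain integer will not get the permission bits they expect on projected Secret files, so the description should give the decimal range alongside the octal one or say explicitly how the value is parsed. Separately, the secret optional text here says "its key" while the config_map optional text says "it's keys"; use "its keys" in both.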
@@ -1956,6 +3915,67 @@ pod_security_policy_self_subject_review: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and + mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage + (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and + other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick + or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
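Review bot: in scale_io, ssl_enabled is documented as "Flag to enable/disable SSL communication with Gateway, default false" while secret_ref is described as holding the "ScaleIO user and other sensitive information" used for login. Read together, the documented default sends those credentials to the gateway without TLS; the description should say so plainly and recommend setting ssl_enabled to true, not leave it as a neutral toggle. The secret_ref sentence "If this is not provided, Login operation will fail" also suggests the field is required, which the docs could state directly.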
@@ -1978,8 +3998,9 @@ pod_security_policy_self_subject_review: If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, - the volume setup will error. Paths must be relative and - may not contain the '..' path or start with '..'. + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. type: list contains: key: 
@@ -2001,10 +4022,58 @@ pod_security_policy_self_subject_review: not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the + StorageOS API credentials. If not specified, default values + will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within + StorageOS. If no namespace is specified then the Pod's + namespace will be used. This allows the Kubernetes name + scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and mounted 
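Review bot: the storageos secret_ref description says "If not specified, default values will be attempted" without naming what those defaults are or where they come from; for a credential field that is the one detail an operator needs, so either document the defaults or state that the secret should always be set. In volume_namespace, "Set VolumeName to any name to override the default behaviour" appears to refer to the wrong field and needs rewording. The optional entry in this hunk and the ConfigMap optional entry in the earlier @@ -1528,6 +3248,10 @@ hunk both read "it's keys"; that should be "its keys".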
@@ -2017,6 +4086,15 @@ pod_security_policy_self_subject_review: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk 
@@ -2165,6 +4243,158 @@ pod_security_policy_self_subject_review: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. 
Each reason + may define its own extended details. This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). 
+ type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -2202,6 +4432,14 @@ pod_security_policy_self_subject_review: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
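Review bot: the block_owner_deletion description says a caller without "delete" permission on the owner gets 422 (Unprocessable Entity), so a permission problem reaches the playbook author looking like a validation error. A short sentence in this description saying that a 422 on this field should be read as a missing "delete" permission on the owner would save users from hunting for a schema mistake in their task.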
@@ -2253,6 +4491,493 @@ pod_security_policy_self_subject_review: it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. 
This array is replaced during + a strategic merge patch. + type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to an update), the system may or may + not try to eventually evict the pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). 
+ type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. 
RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is + the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. 
+ type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. 
For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system will try to eventually evict the pod + from its node. When there are multiple elements, the lists + of nodes corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot currently @@ -2324,11 +5049,17 @@ pod_security_policy_self_subject_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -2357,8 +5088,7 @@ pod_security_policy_self_subject_review: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -2377,6 +5107,53 @@ pod_security_policy_self_subject_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -2453,8 +5230,7 @@ pod_security_policy_self_subject_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
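Review bot: in the http_get port entry the documented type changes from complex to str while the description still reads "Name or number of the port to access on the container". Please state whether a numeric port is returned in its string form or as an integer, because anything that compares this value against an int will stop matching without an error. The same complex to str change recurs for the other port entries in this patch, so the wording should be settled once and applied to all of them.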
@@ -2466,13 +5242,17 @@ pod_security_policy_self_subject_review: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is terminated. @@ -2535,8 +5315,7 @@ pod_security_policy_self_subject_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -2548,13 +5327,17 @@ pod_security_policy_self_subject_review: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be restarted @@ -2618,8 +5401,7 @@ pod_security_policy_self_subject_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
@@ -2647,13 +5429,17 @@ pod_security_policy_self_subject_review: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -2765,8 +5551,7 @@ pod_security_policy_self_subject_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -2794,13 +5579,17 @@ pod_security_policy_self_subject_review: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -2816,7 +5605,7 @@ pod_security_policy_self_subject_review: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -2824,10 +5613,10 @@ pod_security_policy_self_subject_review: to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
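Review bot: the new security_context description ends in a dangling "More info:" with nothing after it. Either restore the link that was meant to follow or keep the previous sentence, "Security options the pod should run with." In the same hunk, limits and requests now read "contains: str, str", which drops the hint that the values are resource quantities; a word in the description about the expected quantity format would make up for that.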
@@ -2928,7 +5717,20 @@ pod_security_policy_self_subject_review: \ termination message will be written is mounted into the\ \ container's filesystem. Message written is intended to be\ \ brief final status, such as an assertion failure message.\ - \ Defaults to /dev/termination-log. Cannot be updated." + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: str tty: description: 
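Review bot: the size limits added to termination_message_path and termination_message_policy use three different notations ("4096 bytes", "12kb", "2048 bytes or 80 lines"), and "12kb" is ambiguous about both the unit and the multiplier. Spell the total limit out in bytes like the other two. Since the text now says the node truncates the message, it is also worth saying that consumers should not treat the termination message as a complete record of the failure.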
@@ -2968,9 +5770,27 @@ pod_security_policy_self_subject_review: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have + DNS options set along with hostNetwork, you have to specify DNS + policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be + injected into the pod's hosts file if specified. This is only + valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
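Review bot: under host_aliases, hostnames is described as "Hostnames for the above IP address", but in this listing ip is documented after hostnames, so "above" refers to nothing. Reword it to name the sibling field, for example "Hostnames for the IP address given in ip". The dns_policy text in the same hunk mixes single and double quotes around the policy names ('ClusterFirst' and "ClusterFirst"); pick one.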
@@ -3003,6 +5823,805 @@ pod_security_policy_self_subject_review: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init containers + are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and + is handled according to its restartPolicy. The name for an init + container or normal container must be unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container + are taken into account during scheduling by finding the highest + request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are + applied to init containers in a similar fashion. Init containers + cannot currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is used\ + \ if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a variable\ + \ cannot be resolved, the reference in the input string will\ + \ be unchanged. The $(VAR_NAME) syntax can be escaped with\ + \ a double $$, ie: $$(VAR_NAME). Escaped references will never\ + \ be expanded, regardless of whether the variable exists or\ + \ not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided. Variable\ + \ references $(VAR_NAME) are expanded using the container's\ + \ environment. If a variable cannot be resolved, the reference\ + \ in the input string will be unchanged. The $(VAR_NAME) syntax\ + \ can be escaped with a double $$, ie: $$(VAR_NAME). 
Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. Cannot + be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using the + previous defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot be + used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API + version. 
+ type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must be + a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. Defaults + to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container is created. + If the handler fails, the container is terminated and + restarted according to its restart policy. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is terminated. + The container is terminated after the handler completes. + The reason for termination is passed to the handler. Regardless + of the outcome of the handler, the container is eventually + terminated. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be restarted + if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. 
+ type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: str + ports: + description: + - List of ports to expose from the container. Exposing a port + here gives the system additional information about the network + connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from + being exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible from + the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. This + must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, this + must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have a unique + name. Name for the port that can be referred to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container will + be removed from service endpoints if the probe fails. Cannot + be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. 
+ type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. 
Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to + an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. + Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. 
+ type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, + no such validation will be performed. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. If + unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the container. + type: str + role: + description: + - Role is a SELinux role label that applies to the container. + type: str + type: + description: + - Type is a SELinux type label that applies to the container. + type: str + user: + description: + - User is a SELinux user label that applies to the container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from stdin + in the container will always result in EOF. Default is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. 
When stdin is + true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client attaches + to stdin, and then remains open and accepts data until the + client disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag is false, + a container processes that reads from stdin will never receive + an EOF. Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into the\ + \ container's filesystem. Message written is intended to be\ + \ brief final status, such as an assertion failure message.\ + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, also + requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. Cannot + be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should be + mounted. Must not contain ':'. 
+ type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's volume + should be mounted. Defaults to "" (volume's root). + type: str + working_dir: + description: + - Container's working directory. If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific node. @@ -3021,6 +6640,11 @@ pod_security_policy_self_subject_review: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
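Review bot: in the container block that closes just before node_name, the readiness_probe entries reuse the liveness wording: initial_delay_seconds says "before liveness probes are initiated" and success_threshold says "Must be 1 for liveness" under readiness_probe as well as under liveness_probe. Reword both for readiness, or say explicitly that the text is shared. In the same block the container security_context description ends at "More info:" with nothing after it; restore the reference or drop the dangling label, since this is the entry that documents privileged, capabilities and run_as_non_root.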
@@ -3117,6 +6741,46 @@ pod_security_policy_self_subject_review: longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means match + all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. Valid + operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it is not set, which + means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by + the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If the + operator is Exists, the value should be empty, otherwise just + a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging to 
@@ -3180,6 +6844,13 @@ pod_security_policy_self_subject_review: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed availability + set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will force @@ -3289,9 +6960,9 @@ pod_security_policy_self_subject_review: the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in - the ConfigMap, the volume setup will error. Paths must - be relative and may not contain the '..' path or start - with '..'. + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. type: list contains: key: @@ -3317,6 +6988,10 @@ pod_security_policy_self_subject_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that should @@ -3385,8 +7060,7 @@ pod_security_policy_self_subject_review: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
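Review bot: in the @@ -3180 hunk on this line, the new kind description misspells "multiple" as "mulitple", runs its three values together with no separators ("Shared: mulitple blob disks per storage account Dedicated: ..."), and closes with "defaults to shared" in lower case while the value is listed as "Shared". Fix the spelling, separate the values, and match the default's case to the listed value so a reader can copy it as written.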
@@ -3403,6 +7077,15 @@ pod_security_policy_self_subject_review: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified here and + the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached to @@ -3577,6 +7260,14 @@ pod_security_policy_self_subject_review: a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -3597,11 +7288,27 @@ pod_security_policy_self_subject_review: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or + ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port 
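Review bot: secret_ref in the last hunk on this line is described only as "CHAP secret for iSCSI target and initiator authentication", and the chap_auth_discovery and chap_auth_session flags added in the preceding hunk do not mention it at all. State in these descriptions whether secret_ref has to be set when either flag is true, so a reader does not turn CHAP on with no secret referenced. The new portals entry likewise does not say how it relates to the existing target_portal.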
@@ -3663,6 +7370,209 @@ pod_security_policy_self_subject_review: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted + on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and downward + API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must be + a value between 0 and 0777. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. 
+ type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must + be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only + annotations, labels, name and namespace are + supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not be absolute\ + \ or contain the '..' path. Must be utf-8\ + \ encoded. 
The first item of the relative\ + \ path must not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only + resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the Secret, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must be + defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
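Review bot: default_mode and the per-item mode fields under projected sources are typed int but bounded as "a value between 0 and 0777", which does not say which base the integer is read in. Spell that out in the description, because a mode entered in the wrong base changes the permission bits on projected Secret files. Within the same hunk the config_map optional text has "it's keys" while the secret optional text has "its key"; use "its" in both.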
@@ -3745,6 +7655,67 @@ pod_security_policy_self_subject_review: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and + mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage + (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and + other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick + or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
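Review bot: ssl_enabled is documented as "default false" in the same scale_io block whose secret_ref holds the "ScaleIO user and other sensitive information". Add a sentence to the ssl_enabled description saying that leaving it unset means SSL is not used for the gateway connection, so the default reads as a deliberate choice rather than something discovered later. The gateway description could also say whether a scheme or port is expected in the host address.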
@@ -3767,8 +7738,9 @@ pod_security_policy_self_subject_review: If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, - the volume setup will error. Paths must be relative and - may not contain the '..' path or start with '..'. + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. type: list contains: key: 
@@ -3790,10 +7762,58 @@ pod_security_policy_self_subject_review: not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the + StorageOS API credentials. If not specified, default values + will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within + StorageOS. If no namespace is specified then the Pod's + namespace will be used. This allows the Kubernetes name + scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and mounted 
@@ -3806,6 +7826,15 @@ pod_security_policy_self_subject_review: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk diff --git a/library/openshift_v1_pod_security_policy_subject_review.py b/library/openshift_v1_pod_security_policy_subject_review.py index 188aa7d0..bc4d6075 100644 --- a/library/openshift_v1_pod_security_policy_subject_review.py +++ b/library/openshift_v1_pod_security_policy_subject_review.py 
@@ -85,6 +85,98 @@ options: aliases: - active_deadline_seconds type: int + spec_template_spec_affinity_node_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_node_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms: + description: + - Required. A list of node selector terms. The terms are ORed. + aliases: + - affinity_node_affinity_required_during_scheduling_ignored_during_execution_node_selector_terms + type: list + spec_template_spec_affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. 
+ aliases: + - affinity_pod_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' + aliases: + - affinity_pod_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it may choose a node that violates + one or more of the expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + aliases: + - affinity_pod_anti_affinity_preferred_during_scheduling_ignored_during_execution + type: list + spec_template_spec_affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. If the anti-affinity + requirements specified by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod execution (e.g. due to + a pod label update), the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field are not met at scheduling + time, the pod will not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. all terms must be + satisfied.' 
+ aliases: + - affinity_pod_anti_affinity_required_during_scheduling_ignored_during_execution + type: list + spec_template_spec_automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account token should + be automatically mounted. + aliases: + - automount_service_account_token + type: bool spec_template_spec_containers: description: - List of containers belonging to the pod. Containers cannot currently be added @@ -94,10 +186,18 @@ options: type: list spec_template_spec_dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' or 'Default'. - Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have DNS options + set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. aliases: - dns_policy + spec_template_spec_host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be injected into + the pod's hosts file if specified. This is only valid for non-hostNetwork pods. + aliases: + - host_aliases + type: list spec_template_spec_host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
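Review bot: In the options hunk at @@ -85,6 +85,98 @@, the descriptions of spec_template_spec_affinity_pod_affinity_required_during_scheduling_ignored_during_execution and its pod_anti_affinity counterpart open with "NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented." and embed a Go declaration for RequiredDuringSchedulingRequiredDuringExecution. That text appears to describe a different, commented-out field and has been concatenated with the real description, so the user-facing documentation says both "the system will try to eventually evict the pod" and "the system may or may not try to eventually evict the pod". Suggest dropping everything before the second "If the affinity requirements specified by this field are not met at scheduling time" sentence so only the IgnoredDuringExecution semantics remain. Separately, the new spec_template_spec_automount_service_account_token option does not say what happens when it is omitted; since it controls whether a credential is mounted into the pod, the behaviour when unset should be documented.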
@@ -133,6 +233,21 @@ options: aliases: - image_pull_secrets type: list + spec_template_spec_init_containers: + description: + - List of initialization containers belonging to the pod. Init containers are + executed in order prior to containers being started. If any init container fails, + the pod is considered to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be unique among all + containers. Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container are taken + into account during scheduling by finding the highest request/limit for each + resource type, and then using the max of of that value or the sum of the normal + containers. Limits are applied to init containers in a similar fashion. Init + containers cannot currently be added or removed. Cannot be updated. + aliases: + - init_containers + type: list spec_template_spec_node_name: description: - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, @@ -154,6 +269,12 @@ options: Never. Default to Always. aliases: - restart_policy + spec_template_spec_scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. If not specified, + the pod will be dispatched by default scheduler. + aliases: + - scheduler_name spec_template_spec_security_context_fs_group: description: - "A special supplemental group that applies to all containers in a pod. Some\ @@ -242,6 +363,12 @@ options: aliases: - termination_grace_period_seconds type: int + spec_template_spec_tolerations: + description: + - If specified, the pod's tolerations. + aliases: + - tolerations + type: list spec_template_spec_volumes: description: - List of volumes that can be mounted by containers belonging to the pod. 
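Review bot: In the spec_template_spec_init_containers description (hunk @@ -133,6 +233,21 @@), "using the max of of that value or the sum of the normal containers" has a doubled "of". While fixing it, consider rephrasing the sentence so it is clear that the comparison is between the highest init-container request/limit and the sum across the normal containers.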
@@ -268,7 +395,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
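Review bot: The requirements line moves the exact pin from "openshift == 1.0.0-snapshot" to "openshift == 0.3.1", which reads as a downgrade because the version number gets smaller. If this reflects a change in how the client library is versioned, say so in the commit message or changelog. Also confirm that an exact "==" pin is intended, since it documents any other client release as unsupported.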
@@ -396,6 +523,158 @@ pod_security_policy_subject_review: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. 
Each reason + may define its own extended details. This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). 
+ type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -433,6 +712,14 @@ pod_security_policy_subject_review: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
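Review bot: In initializers.result.details.causes.field (hunk @@ -396,6 +523,158 @@), the examples have collapsed into the sentence: 'Examples: "name" - the field "name" on the current resource "items[0].name" - the field "name" on the first array entry in "items"'. It is no longer clear where one example ends and the next begins. Suggest emitting each example as its own description entry so the rendered documentation keeps them apart.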
@@ -484,6 +771,493 @@ pod_security_policy_subject_review: it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. 
+ type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to an update), the system may or may + not try to eventually evict the pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. 
The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is + the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. 
+ type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. 
For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system will try to eventually evict the pod + from its node. When there are multiple elements, the lists + of nodes corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot currently @@ -555,11 +1329,17 @@ pod_security_policy_subject_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -588,8 +1368,7 @@ pod_security_policy_subject_review: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -608,6 +1387,53 @@ pod_security_policy_subject_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -684,8 +1510,7 @@ pod_security_policy_subject_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
@@ -697,13 +1522,17 @@ pod_security_policy_subject_review: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is terminated. @@ -766,8 +1595,7 @@ pod_security_policy_subject_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -779,13 +1607,17 @@ pod_security_policy_subject_review: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be restarted @@ -849,8 +1681,7 @@ pod_security_policy_subject_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
@@ -878,13 +1709,17 @@ pod_security_policy_subject_review: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -996,8 +1831,7 @@ pod_security_policy_subject_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -1025,13 +1859,17 @@ pod_security_policy_subject_review: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -1047,7 +1885,7 @@ pod_security_policy_subject_review: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -1055,10 +1893,10 @@ pod_security_policy_subject_review: to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
@@ -1159,7 +1997,20 @@ pod_security_policy_subject_review: \ termination message will be written is mounted into the\ \ container's filesystem. Message written is intended to be\ \ brief final status, such as an assertion failure message.\ - \ Defaults to /dev/termination-log. Cannot be updated." + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: str tty: description: 
@@ -1199,9 +2050,27 @@ pod_security_policy_subject_review: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have + DNS options set along with hostNetwork, you have to specify DNS + policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be + injected into the pod's hosts file if specified. This is only + valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
@@ -1234,6 +2103,805 @@ pod_security_policy_subject_review: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init containers + are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and + is handled according to its restartPolicy. The name for an init + container or normal container must be unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container + are taken into account during scheduling by finding the highest + request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are + applied to init containers in a similar fashion. Init containers + cannot currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is used\ + \ if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a variable\ + \ cannot be resolved, the reference in the input string will\ + \ be unchanged. The $(VAR_NAME) syntax can be escaped with\ + \ a double $$, ie: $$(VAR_NAME). Escaped references will never\ + \ be expanded, regardless of whether the variable exists or\ + \ not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided. Variable\ + \ references $(VAR_NAME) are expanded using the container's\ + \ environment. If a variable cannot be resolved, the reference\ + \ in the input string will be unchanged. The $(VAR_NAME) syntax\ + \ can be escaped with a double $$, ie: $$(VAR_NAME). 
Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. Cannot + be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using the + previous defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot be + used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API + version. 
+ type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must be + a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. Defaults + to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container is created. + If the handler fails, the container is terminated and + restarted according to its restart policy. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is terminated. + The container is terminated after the handler completes. + The reason for termination is passed to the handler. Regardless + of the outcome of the handler, the container is eventually + terminated. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be restarted + if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. 
+ type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: str + ports: + description: + - List of ports to expose from the container. Exposing a port + here gives the system additional information about the network + connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from + being exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible from + the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. This + must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, this + must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have a unique + name. Name for the port that can be referred to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container will + be removed from service endpoints if the probe fails. Cannot + be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. 
+ type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. 
Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to + an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. + Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. 
+ type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, + no such validation will be performed. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. If + unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the container. + type: str + role: + description: + - Role is a SELinux role label that applies to the container. + type: str + type: + description: + - Type is a SELinux type label that applies to the container. + type: str + user: + description: + - User is a SELinux user label that applies to the container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from stdin + in the container will always result in EOF. Default is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. 
When stdin is + true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client attaches + to stdin, and then remains open and accepts data until the + client disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag is false, + a container processes that reads from stdin will never receive + an EOF. Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into the\ + \ container's filesystem. Message written is intended to be\ + \ brief final status, such as an assertion failure message.\ + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, also + requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. Cannot + be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should be + mounted. Must not contain ':'. 
+ type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's volume + should be mounted. Defaults to "" (volume's root). + type: str + working_dir: + description: + - Container's working directory. If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific node. @@ -1252,6 +2920,11 @@ pod_security_policy_subject_review: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
@@ -1348,6 +3021,46 @@ pod_security_policy_subject_review: longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means match + all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. Valid + operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it is not set, which + means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by + the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If the + operator is Exists, the value should be empty, otherwise just + a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging to 
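Review bot: In the added `tolerations` block, the `key` and `effect` descriptions together mean that an entry with an empty `key`, an empty `effect` and `operator: Exists` tolerates every taint, but no single description says so. Taints are commonly used to keep workloads off dedicated nodes, so this combination deserves an explicit sentence in the `operator` or `key` description, ideally noting that omitting both fields in a playbook produces it.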
@@ -1411,6 +3124,13 @@ pod_security_policy_subject_review: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed availability + set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will force @@ -1520,9 +3240,9 @@ pod_security_policy_subject_review: the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in - the ConfigMap, the volume setup will error. Paths must - be relative and may not contain the '..' path or start - with '..'. + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. type: list contains: key: @@ -1548,6 +3268,10 @@ pod_security_policy_subject_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that should @@ -1616,8 +3340,7 @@ pod_security_policy_subject_review: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
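Review bot: `divisor` changes from `type: complex` with `contains: {}` to `type: str`, but the description still only says 'defaults to "1"' and gives no hint of which other strings are accepted. Anyone who passed a mapping under the old documentation gets no pointer to the new form; suggest adding an accepted-format example to the description and calling out the type change in the changelog.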
@@ -1634,6 +3357,15 @@ pod_security_policy_subject_review: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified here and + the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached to @@ -1808,6 +3540,14 @@ pod_security_policy_subject_review: a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -1828,11 +3568,27 @@ pod_security_policy_subject_review: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or + ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port 
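Review bot: The new `secret_ref` under `iscsi` is documented only as 'CHAP secret for iSCSI target and initiator authentication', with no statement of how it relates to `chap_auth_discovery` and `chap_auth_session` added in the previous hunk. A reader cannot tell from these descriptions whether setting either flag to true without `secret_ref` is rejected, or whether `secret_ref` alone enables CHAP. Suggest cross-referencing the three fields in their descriptions and stating which keys the referenced secret must hold.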
@@ -1894,6 +3650,209 @@ pod_security_policy_subject_review: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted + on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and downward + API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must be + a value between 0 and 0777. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. 
+ type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must + be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only + annotations, labels, name and namespace are + supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not be absolute\ + \ or contain the '..' path. Must be utf-8\ + \ encoded. 
The first item of the relative\ + \ path must not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only + resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the Secret, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must be + defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
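Review bot: `default_mode` and the per-item `mode` fields under `projected` are `type: int`, yet their range is written as 'between 0 and 0777', an octal literal, and the text never says which base the module expects. A YAML 1.1 parser reads an unquoted 0777 as octal (decimal 511), whereas JSON has no octal literals, so the same intent has to be written differently depending on how the task is supplied, and a projected secret file can end up with permission bits other than the ones intended. Suggest stating the base explicitly and giving one example value. Minor: `config_map.optional` says "it's keys" while `secret.optional` in the same hunk says "its key"; use "its" in both.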
@@ -1976,6 +3935,67 @@ pod_security_policy_subject_review: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and + mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage + (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and + other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick + or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
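Review bot: `ssl_enabled` under `scale_io` is documented as 'default false', while `secret_ref` in the same block holds 'the secret for ScaleIO user and other sensitive information' used for the login to `gateway`. With the default left in place, communication with the gateway is not over SSL. Suggest the description say that directly and recommend `ssl_enabled: true`, and that `gateway` state whether it expects a scheme and port.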
@@ -1998,8 +4018,9 @@ pod_security_policy_subject_review: If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, - the volume setup will error. Paths must be relative and - may not contain the '..' path or start with '..'. + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. type: list contains: key: 
@@ -2021,10 +4042,58 @@ pod_security_policy_subject_review: not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the + StorageOS API credentials. If not specified, default values + will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within + StorageOS. If no namespace is specified then the Pod's + namespace will be used. This allows the Kubernetes name + scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and mounted 
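Review bot: In `storageos`, `secret_ref` reads 'If not specified, default values will be attempted', which means omitting it falls back to default API credentials instead of failing; the description should say that outright and recommend always setting it. `volume_namespace` also ends with 'Namespaces that do not pre-exist within StorageOS will be created', so a mistyped namespace is created, not rejected, which is worth a warning in the text. Minor: the `optional` description at the top of this hunk has "it's keys" for "its keys".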
@@ -2037,6 +4106,15 @@ pod_security_policy_subject_review: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk 
@@ -2192,6 +4270,158 @@ pod_security_policy_subject_review: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. 
Each reason + may define its own extended details. This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. + type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). 
+ type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and @@ -2229,6 +4459,14 @@ pod_security_policy_subject_review: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -2280,6 +4518,493 @@ pod_security_policy_subject_review: it failed and kill associated containers. Value must be a positive integer. type: int + affinity: + description: + - If specified, the pod's scheduling constraints + type: complex + contains: + node_affinity: + description: + - Describes node affinity scheduling rules for the pod. + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + type: list + contains: + preference: + description: + - A node selector term, associated with the corresponding + weight. + type: complex + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. 
+ type: list + contains: str + weight: + description: + - Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to an update), the system may or may + not try to eventually evict the pod from its node. + type: complex + contains: + node_selector_terms: + description: + - Required. A list of node selector terms. The terms + are ORed. + type: list + contains: + match_expressions: + description: + - Required. A list of node selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - The label key that the selector applies to. + type: str + operator: + description: + - Represents a key's relationship to a set of + values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: str + values: + description: + - An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced during + a strategic merge patch. + type: list + contains: str + pod_affinity: + description: + - Describes pod affinity scheduling rules (e.g. co-locate this + pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of + the expressions. 
The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. + type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system will try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the affinity requirements specified by this field are + not met at scheduling time, the pod will not be scheduled + onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. 
+ type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. + type: str + pod_anti_affinity: + description: + - Describes pod anti-affinity scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. as some other pod(s)). + type: complex + contains: + preferred_during_scheduling_ignored_during_execution: + description: + - The scheduler will prefer to schedule pods to nodes that + satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is + the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + type: list + contains: + pod_affinity_term: + description: + - Required. A pod affinity term, associated with the + corresponding weight. 
+ type: complex + contains: + label_selector: + description: + - A label query over a set of resources, in this + case pods. + type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector + applies to. + type: str + operator: + description: + - operator represents a key's relationship + to a set of values. Valid operators ard + In, NotIn, Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. This array is replaced + during a strategic merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map + is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list + means "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not + co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. 
For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means + all the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and + for RequiredDuringScheduling pod anti-affinity, + empty topologyKey is not allowed. + type: str + weight: + description: + - weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: int + required_during_scheduling_ignored_during_execution: + description: + - 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is + implemented. If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system will try to eventually evict the pod + from its node. When there are multiple elements, the lists + of nodes corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. RequiredDuringSchedulingRequiredDuringExecution + []PodAffinityTerm `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` + If the anti-affinity requirements specified by this field + are not met at scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements specified + by this field cease to be met at some point during pod + execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied.' + type: list + contains: + label_selector: + description: + - A label query over a set of resources, in this case + pods. 
+ type: complex + contains: + match_expressions: + description: + - matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: list + contains: + key: + description: + - key is the label key that the selector applies + to. + type: str + operator: + description: + - operator represents a key's relationship to + a set of values. Valid operators ard In, NotIn, + Exists and DoesNotExist. + type: str + values: + description: + - values is an array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. This array is replaced during a strategic + merge patch. + type: list + contains: str + match_labels: + description: + - matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values + array contains only "value". The requirements + are ANDed. + type: complex + contains: str, str + namespaces: + description: + - namespaces specifies which namespaces the labelSelector + applies to (matches against); null or empty list means + "this pod's namespace" + type: list + contains: str + topology_key: + description: + - This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector + in the specified namespaces, where co-located is defined + as running on a node whose value of the label with + key topologyKey matches that of any node on which + any of the selected pods is running. For PreferredDuringScheduling + pod anti-affinity, empty topologyKey is interpreted + as "all topologies" ("all topologies" here means all + the topologyKeys indicated by scheduler command-line + argument --failure-domains); for affinity and for + RequiredDuringScheduling pod anti-affinity, empty + topologyKey is not allowed. 
+ type: str + automount_service_account_token: + description: + - AutomountServiceAccountToken indicates whether a service account + token should be automatically mounted. + type: bool containers: description: - List of containers belonging to the pod. Containers cannot currently @@ -2351,11 +5076,17 @@ pod_security_policy_subject_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool field_ref: description: - 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.podIP.' + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' type: complex contains: api_version: @@ -2384,8 +5115,7 @@ pod_security_policy_subject_review: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
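Review bot: The description of `required_during_scheduling_ignored_during_execution` under `pod_anti_affinity` (in the hunk that ends with `automount_service_account_token`) carries source-code residue into the user-facing module docs. It opens with 'NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented.' and embeds the Go declaration `RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm` with its json tag. As a result the text states two different behaviours for one field: 'the system will try to eventually evict the pod' and 'the system may or may not try to eventually evict the pod'. Keep only the second paragraph, which is the one that describes this field. The same hunk repeats the typo 'Valid operators ard In, NotIn' in every `operator` description; it should read 'are'.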
@@ -2404,6 +5134,53 @@ pod_security_policy_subject_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool image: description: - Docker image name. @@ -2480,8 +5257,7 @@ pod_security_policy_subject_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
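Review bot: Two typos in the added descriptions of the `@@ -2404,6 +5134,53 @@` hunk should be fixed before this lands in rendered docs: 'Specify whether the Secret or it's key must be defined' should use 'its', and 'An optional identifer to prepend to each key in the ConfigMap' should read 'identifier'. The 'it's key' wording also appears in the `config_map_key_ref` `optional` description added in the `@@ -2351,11 +5076,17 @@` hunk.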
@@ -2493,13 +5269,17 @@ pod_security_policy_subject_review: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str pre_stop: description: - PreStop is called immediately before a container is terminated. @@ -2562,8 +5342,7 @@ pod_security_policy_subject_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -2575,13 +5354,17 @@ pod_security_policy_subject_review: TCP hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str liveness_probe: description: - Periodic probe of container liveness. Container will be restarted @@ -2645,8 +5428,7 @@ pod_security_policy_subject_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults 
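Review bot: `port` is retyped from `complex` (with `contains: {}`) to `str` in the `http_get` and `tcp_socket` hunks, while its description still reads 'Name or number of the port to access on the container. Number must be in the range 1 to 65535.' With `type: str` alone, a playbook author cannot tell how a numeric port is meant to be passed. Say in the description whether an integer is accepted and converted or whether the number has to be given as a string.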
@@ -2674,13 +5456,17 @@ pod_security_policy_subject_review: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -2792,8 +5578,7 @@ pod_security_policy_subject_review: - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str scheme: description: - Scheme to use for connecting to the host. Defaults @@ -2821,13 +5606,17 @@ pod_security_policy_subject_review: hooks not yet supported type: complex contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str port: description: - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - type: complex - contains: {} + type: str timeout_seconds: description: - Number of seconds after which the probe times out. Defaults @@ -2843,7 +5632,7 @@ pod_security_policy_subject_review: - Limits describes the maximum amount of compute resources allowed. type: complex - contains: str, ResourceQuantity + contains: str, str requests: description: - Requests describes the minimum amount of compute resources @@ -2851,10 +5640,10 @@ pod_security_policy_subject_review: to Limits if that is explicitly specified, otherwise to an implementation-defined value. type: complex - contains: str, ResourceQuantity + contains: str, str security_context: description: - - Security options the pod should run with. + - 'Security options the pod should run with. More info:' type: complex contains: capabilities: 
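Review bot: The new `security_context` description ends with a dangling 'More info:' and no link ('Security options the pod should run with. More info:'). Either restore the URL that belongs after it or keep the previous wording, 'Security options the pod should run with.' The same truncated text is added again for `security_context` under `init_containers` later in the patch.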
@@ -2955,7 +5744,20 @@ pod_security_policy_subject_review: \ termination message will be written is mounted into the\ \ container's filesystem. Message written is intended to be\ \ brief final status, such as an assertion failure message.\ - \ Defaults to /dev/termination-log. Cannot be updated." + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: str tty: description: 
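Review bot: The limits in the `termination_message_path` and `termination_message_policy` descriptions are given in mixed units: '4096 bytes' per message, '12kb' in total across containers, and '2048 bytes or 80 lines' for the log fallback. Write the total in bytes as well, or spell out what '12kb' means, so the three limits can be compared directly.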
@@ -2995,9 +5797,27 @@ pod_security_policy_subject_review: type: str dns_policy: description: - - Set DNS policy for containers within the pod. One of 'ClusterFirst' - or 'Default'. Defaults to "ClusterFirst". + - Set DNS policy for containers within the pod. One of 'ClusterFirstWithHostNet', + 'ClusterFirst' or 'Default'. Defaults to "ClusterFirst". To have + DNS options set along with hostNetwork, you have to specify DNS + policy explicitly to 'ClusterFirstWithHostNet'. type: str + host_aliases: + description: + - HostAliases is an optional list of hosts and IPs that will be + injected into the pod's hosts file if specified. This is only + valid for non-hostNetwork pods. + type: list + contains: + hostnames: + description: + - Hostnames for the above IP address. + type: list + contains: str + ip: + description: + - IP address of the host file entry. + type: str host_ipc: description: - "Use the host's ipc namespace. Optional: Default to false." 
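Review bot: Under `host_aliases`, `hostnames` is described as 'Hostnames for the above IP address', but in this listing `hostnames` is documented before `ip`, so there is no IP address above it. Reword it to refer to the `ip` field of the same entry. The parent description says the option is 'only valid for non-hostNetwork pods' without saying what happens when it is set together with host networking; state whether the entry is rejected or ignored.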
@@ -3030,6 +5850,805 @@ pod_security_policy_subject_review: description: - Name of the referent. type: str + init_containers: + description: + - List of initialization containers belonging to the pod. Init containers + are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and + is handled according to its restartPolicy. The name for an init + container or normal container must be unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, + or Liveness probes. The resourceRequirements of an init container + are taken into account during scheduling by finding the highest + request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are + applied to init containers in a similar fashion. Init containers + cannot currently be added or removed. Cannot be updated. + type: list + contains: + args: + description: + - "Arguments to the entrypoint. The docker image's CMD is used\ + \ if this is not provided. Variable references $(VAR_NAME)\ + \ are expanded using the container's environment. If a variable\ + \ cannot be resolved, the reference in the input string will\ + \ be unchanged. The $(VAR_NAME) syntax can be escaped with\ + \ a double $$, ie: $$(VAR_NAME). Escaped references will never\ + \ be expanded, regardless of whether the variable exists or\ + \ not. Cannot be updated." + type: list + contains: str + command: + description: + - "Entrypoint array. Not executed within a shell. The docker\ + \ image's ENTRYPOINT is used if this is not provided. Variable\ + \ references $(VAR_NAME) are expanded using the container's\ + \ environment. If a variable cannot be resolved, the reference\ + \ in the input string will be unchanged. The $(VAR_NAME) syntax\ + \ can be escaped with a double $$, ie: $$(VAR_NAME). 
Escaped\ + \ references will never be expanded, regardless of whether\ + \ the variable exists or not. Cannot be updated." + type: list + contains: str + env: + description: + - List of environment variables to set in the container. Cannot + be updated. + type: list + contains: + name: + description: + - Name of the environment variable. Must be a C_IDENTIFIER. + type: str + value: + description: + - 'Variable references $(VAR_NAME) are expanded using the + previous defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: str + value_from: + description: + - Source for the environment variable's value. Cannot be + used if value is not empty. + type: complex + contains: + config_map_key_ref: + description: + - Selects a key of a ConfigMap. + type: complex + contains: + key: + description: + - The key to select. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's key must + be defined + type: bool + field_ref: + description: + - 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified API + version. 
+ type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, optional + for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed resources, + defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret_key_ref: + description: + - Selects a key of a secret in the pod's namespace + type: complex + contains: + key: + description: + - The key of the secret to select from. Must be + a valid secret key. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the Secret or it's key must be + defined + type: bool + env_from: + description: + - List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value + associated with the last source will take precedence. Values + defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: list + contains: + config_map_ref: + description: + - The ConfigMap to select from + type: complex + contains: + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap must be defined + type: bool + prefix: + description: + - An optional identifer to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: str + secret_ref: + description: + - The Secret to select from + type: complex + contains: + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret must be defined + type: bool + image: + description: + - Docker image name. + type: str + image_pull_policy: + description: + - Image pull policy. One of Always, Never, IfNotPresent. Defaults + to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + type: str + lifecycle: + description: + - Actions that the management system should take in response + to container lifecycle events. Cannot be updated. + type: complex + contains: + post_start: + description: + - PostStart is called immediately after a container is created. + If the handler fails, the container is terminated and + restarted according to its restart policy. Other management + of the container blocks until the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. 
+ type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + pre_stop: + description: + - PreStop is called immediately before a container is terminated. + The container is terminated after the handler completes. + The reason for termination is passed to the handler. Regardless + of the outcome of the handler, the container is eventually + terminated. Other management of the container blocks until + the hook completes. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside + the container, the working directory for the command + is root ('/') in the container's filesystem. The + command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + type: list + contains: str + http_get: + description: + - HTTPGet specifies the http request to perform. 
+ type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. + You probably want to set "Host" in httpHeaders + instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to + the pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + liveness_probe: + description: + - Periodic probe of container liveness. Container will be restarted + if the probe fails. Cannot be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. + type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. 
+ type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + name: + description: + - Name of the container specified as a DNS_LABEL. Each container + in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: str + ports: + description: + - List of ports to expose from the container. Exposing a port + here gives the system additional information about the network + connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from + being exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible from + the network. Cannot be updated. + type: list + contains: + container_port: + description: + - Number of port to expose on the pod's IP address. This + must be a valid port number, 0 < x < 65536. + type: int + host_ip: + description: + - What host IP to bind the external port to. + type: str + host_port: + description: + - Number of port to expose on the host. If specified, this + must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + type: int + name: + description: + - If specified, this must be an IANA_SVC_NAME and unique + within the pod. Each named port in a pod must have a unique + name. Name for the port that can be referred to by services. + type: str + protocol: + description: + - Protocol for port. Must be UDP or TCP. Defaults to "TCP". + type: str + readiness_probe: + description: + - Periodic probe of container service readiness. Container will + be removed from service endpoints if the probe fails. Cannot + be updated. + type: complex + contains: + _exec: + description: + - One and only one of the following should be specified. + Exec specifies the action to take. 
+ type: complex + contains: + command: + description: + - Command is the command line to execute inside the + container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so + traditional shell instructions ('|', etc) won't work. + To use a shell, you need to explicitly call out to + that shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + type: list + contains: str + failure_threshold: + description: + - Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum + value is 1. + type: int + http_get: + description: + - HTTPGet specifies the http request to perform. + type: complex + contains: + host: + description: + - Host name to connect to, defaults to the pod IP. You + probably want to set "Host" in httpHeaders instead. + type: str + http_headers: + description: + - Custom headers to set in the request. HTTP allows + repeated headers. + type: list + contains: + name: + description: + - The header field name + type: str + value: + description: + - The header field value + type: str + path: + description: + - Path to access on the HTTP server. + type: str + port: + description: + - Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + scheme: + description: + - Scheme to use for connecting to the host. Defaults + to HTTP. + type: str + initial_delay_seconds: + description: + - Number of seconds after the container has started before + liveness probes are initiated. + type: int + period_seconds: + description: + - How often (in seconds) to perform the probe. Default to + 10 seconds. Minimum value is 1. + type: int + success_threshold: + description: + - Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be + 1 for liveness. 
Minimum value is 1. + type: int + tcp_socket: + description: + - TCPSocket specifies an action involving a TCP port. TCP + hooks not yet supported + type: complex + contains: + host: + description: + - 'Optional: Host name to connect to, defaults to the + pod IP.' + type: str + port: + description: + - Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + type: str + timeout_seconds: + description: + - Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. + type: int + resources: + description: + - Compute Resources required by this container. Cannot be updated. + type: complex + contains: + limits: + description: + - Limits describes the maximum amount of compute resources + allowed. + type: complex + contains: str, str + requests: + description: + - Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to + an implementation-defined value. + type: complex + contains: str, str + security_context: + description: + - 'Security options the pod should run with. More info:' + type: complex + contains: + capabilities: + description: + - The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. + type: complex + contains: + add: + description: + - Added capabilities + type: list + contains: str + drop: + description: + - Removed capabilities + type: list + contains: str + privileged: + description: + - Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. + Defaults to false. + type: bool + read_only_root_filesystem: + description: + - Whether this container has a read-only root filesystem. + Default is false. 
+ type: bool + run_as_non_root: + description: + - Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, + no such validation will be performed. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: bool + run_as_user: + description: + - The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: int + se_linux_options: + description: + - The SELinux context to be applied to the container. If + unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: complex + contains: + level: + description: + - Level is SELinux level label that applies to the container. + type: str + role: + description: + - Role is a SELinux role label that applies to the container. + type: str + type: + description: + - Type is a SELinux type label that applies to the container. + type: str + user: + description: + - User is a SELinux user label that applies to the container. + type: str + stdin: + description: + - Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from stdin + in the container will always result in EOF. Default is false. + type: bool + stdin_once: + description: + - Whether the container runtime should close the stdin channel + after it has been opened by a single attach. 
When stdin is + true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client attaches + to stdin, and then remains open and accepts data until the + client disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag is false, + a container processes that reads from stdin will never receive + an EOF. Default is false + type: bool + termination_message_path: + description: + - "Optional: Path at which the file to which the container's\ + \ termination message will be written is mounted into the\ + \ container's filesystem. Message written is intended to be\ + \ brief final status, such as an assertion failure message.\ + \ Will be truncated by the node if greater than 4096 bytes.\ + \ The total message length across all containers will be limited\ + \ to 12kb. Defaults to /dev/termination-log. Cannot be updated." + type: str + termination_message_policy: + description: + - Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container + log output if the termination message file is empty and the + container exited with an error. The log output is limited + to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: str + tty: + description: + - Whether this container should allocate a TTY for itself, also + requires 'stdin' to be true. Default is false. + type: bool + volume_mounts: + description: + - Pod volumes to mount into the container's filesystem. Cannot + be updated. + type: list + contains: + mount_path: + description: + - Path within the container at which the volume should be + mounted. Must not contain ':'. 
+ type: str + name: + description: + - This must match the Name of a Volume. + type: str + read_only: + description: + - Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: bool + sub_path: + description: + - Path within the volume from which the container's volume + should be mounted. Defaults to "" (volume's root). + type: str + working_dir: + description: + - Container's working directory. If not specified, the container + runtime's default will be used, which might be configured + in the container image. Cannot be updated. + type: str node_name: description: - NodeName is a request to schedule this pod onto a specific node. @@ -3048,6 +6667,11 @@ pod_security_policy_subject_review: - Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. type: str + scheduler_name: + description: + - If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: str security_context: description: - 'SecurityContext holds pod-level security attributes and common 
@@ -3144,6 +6768,46 @@ pod_security_policy_subject_review: longer than the expected cleanup time for your process. Defaults to 30 seconds. type: int + tolerations: + description: + - If specified, the pod's tolerations. + type: list + contains: + effect: + description: + - Effect indicates the taint effect to match. Empty means match + all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: str + key: + description: + - Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values + and all keys. + type: str + operator: + description: + - Operator represents a key's relationship to the value. Valid + operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: str + toleration_seconds: + description: + - TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it is not set, which + means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by + the system. + type: int + value: + description: + - Value is the taint value the toleration matches to. If the + operator is Exists, the value should be empty, otherwise just + a regular string. + type: str volumes: description: - List of volumes that can be mounted by containers belonging to 
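Review bot: the `operator` description says it "Defaults to Equal", while the `key` description says an empty key requires operator Exists, so a toleration that leaves both fields unset is documented as defaulting into an invalid combination. Say in one of the two descriptions what happens in that case. Since the text already notes that an empty key with Exists means "match all values and all keys", it is also worth stating plainly that such an entry tolerates every taint on every node, because that is the setting a reviewer of a playbook will want to look for.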
@@ -3207,6 +6871,13 @@ pod_security_policy_subject_review: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + kind: + description: + - 'Expected values Shared: mulitple blob disks per storage + account Dedicated: single blob disk per storage account + Managed: azure managed data disk (only in managed availability + set). defaults to shared' + type: str read_only: description: - Defaults to false (read/write). ReadOnly here will force @@ -3316,9 +6987,9 @@ pod_security_policy_subject_review: the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in - the ConfigMap, the volume setup will error. Paths must - be relative and may not contain the '..' path or start - with '..'. + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. type: list contains: key: @@ -3344,6 +7015,10 @@ pod_security_policy_subject_review: description: - Name of the referent. type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must be defined + type: bool downward_api: description: - DownwardAPI represents downward API about the pod that should @@ -3412,8 +7087,7 @@ pod_security_policy_subject_review: description: - Specifies the output format of the exposed resources, defaults to "1" - type: complex - contains: {} + type: str resource: description: - 'Required: resource to select' 
@@ -3430,6 +7104,15 @@ pod_security_policy_subject_review: The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. type: str + size_limit: + description: + - Total amount of local storage required for this EmptyDir + volume. The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified here and + the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. + type: str fc: description: - FC represents a Fibre Channel resource that is attached to @@ -3604,6 +7287,14 @@ pod_security_policy_subject_review: a kubelet's host machine and then exposed to the pod. type: complex contains: + chap_auth_discovery: + description: + - whether support iSCSI Discovery CHAP authentication + type: bool + chap_auth_session: + description: + - whether support iSCSI Session CHAP authentication + type: bool fs_type: description: - 'Filesystem type of the volume that you want to mount. @@ -3624,11 +7315,27 @@ pod_security_policy_subject_review: description: - iSCSI target lun number. type: int + portals: + description: + - iSCSI target portal List. The portal is either an IP or + ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: list + contains: str read_only: description: - ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: bool + secret_ref: + description: + - CHAP secret for iSCSI target and initiator authentication + type: complex + contains: + name: + description: + - Name of the referent. + type: str target_portal: description: - iSCSI target portal. The portal is either an IP or ip_addr:port 
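Review bot: the `secret_ref` added under iscsi in the last hunk is described only as "CHAP secret for iSCSI target and initiator authentication" and does not say how it relates to the `chap_auth_discovery` and `chap_auth_session` flags added in the hunk before it. State whether the secret is required when either flag is true and what happens when a flag is true and no `secret_ref` is given. Neither flag documents a default, and "whether support" should read "whether to support".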
@@ -3690,6 +7397,209 @@ pod_security_policy_subject_review: description: - ID that identifies Photon Controller persistent disk type: str + portworx_volume: + description: + - PortworxVolume represents a portworx volume attached and mounted + on kubelets host machine + type: complex + contains: + fs_type: + description: + - FSType represents the filesystem type to mount Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if + unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + volume_id: + description: + - VolumeID uniquely identifies a Portworx volume + type: str + projected: + description: + - Items for all in one resources secrets, configmaps, and downward + API + type: complex + contains: + default_mode: + description: + - Mode bits to use on created files by default. Must be + a value between 0 and 0777. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + type: int + sources: + description: + - list of volume projections + type: list + contains: + config_map: + description: + - information about the configMap data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. 
+ type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. + type: str + optional: + description: + - Specify whether the ConfigMap or it's keys must + be defined + type: bool + downward_api: + description: + - information about the downwardAPI data to project + type: complex + contains: + items: + description: + - Items is a list of DownwardAPIVolume file + type: list + contains: + field_ref: + description: + - 'Required: Selects a field of the pod: only + annotations, labels, name and namespace are + supported.' + type: complex + contains: + api_version: + description: + - Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: str + field_path: + description: + - Path of the field to select in the specified + API version. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - "Required: Path is the relative path name\ + \ of the file to be created. Must not be absolute\ + \ or contain the '..' path. Must be utf-8\ + \ encoded. 
The first item of the relative\ + \ path must not start with '..'" + type: str + resource_field_ref: + description: + - 'Selects a resource of the container: only + resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + type: complex + contains: + container_name: + description: + - 'Container name: required for volumes, + optional for env vars' + type: str + divisor: + description: + - Specifies the output format of the exposed + resources, defaults to "1" + type: str + resource: + description: + - 'Required: resource to select' + type: str + secret: + description: + - information about the secret data to project + type: complex + contains: + items: + description: + - If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected + into the volume as a file whose name is the key + and content is the value. If specified, the listed + keys will be projected into the specified paths, + and unlisted keys will not be present. If a key + is specified which is not present in the Secret, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + type: list + contains: + key: + description: + - The key to project. + type: str + mode: + description: + - 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not + specified, the volume defaultMode will be + used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + type: int + path: + description: + - The relative path of the file to map the key + to. May not be an absolute path. May not contain + the path element '..'. May not start with + the string '..'. + type: str + name: + description: + - Name of the referent. 
+ type: str + optional: + description: + - Specify whether the Secret or its key must be + defined + type: bool quobyte: description: - Quobyte represents a Quobyte mount on the host that shares 
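Review bot: `default_mode` and the per-item `mode` fields under projected are `type: int` with "Must be a value between 0 and 0777", which does not say whether the module reads the integer as octal or decimal. These bits set the permissions of projected Secret files, so name the notation the module expects and give one worked value (octal 0400 is decimal 256), otherwise a playbook author can end up with wider permissions than intended. Minor: the config_map `optional` text has "it's keys" where the secret one has "its key"; use "its" in both.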
@@ -3772,6 +7682,67 @@ pod_security_policy_subject_review: description: - The rados user name. Default is admin. type: str + scale_io: + description: + - ScaleIO represents a ScaleIO persistent volume attached and + mounted on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + gateway: + description: + - The host address of the ScaleIO API Gateway. + type: str + protection_domain: + description: + - The name of the Protection Domain for the configured storage + (defaults to "default"). + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef references to the secret for ScaleIO user and + other sensitive information. If this is not provided, + Login operation will fail. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + ssl_enabled: + description: + - Flag to enable/disable SSL communication with Gateway, + default false + type: bool + storage_mode: + description: + - Indicates whether the storage for a volume should be thick + or thin (defaults to "thin"). + type: str + storage_pool: + description: + - The Storage Pool associated with the protection domain + (defaults to "default"). + type: str + system: + description: + - The name of the storage system as configured in ScaleIO. + type: str + volume_name: + description: + - The name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: str secret: description: - Secret represents a secret that should populate this volume. 
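Review bot: `ssl_enabled` is documented as "default false" in the same block where `secret_ref` is said to carry the "ScaleIO user and other sensitive information", so as written the default is a gateway login over an unencrypted connection. The description should say that explicitly and tell users to set it to true. `gateway` also does not say whether it expects a host name, host:port or a full URL.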
@@ -3794,8 +7765,9 @@ pod_security_policy_subject_review: If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, - the volume setup will error. Paths must be relative and - may not contain the '..' path or start with '..'. + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. type: list contains: key: 
@@ -3817,10 +7789,58 @@ pod_security_policy_subject_review: not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: str + optional: + description: + - Specify whether the Secret or it's keys must be defined + type: bool secret_name: description: - Name of the secret in the pod's namespace to use. type: str + storageos: + description: + - StorageOS represents a StorageOS volume attached and mounted + on Kubernetes nodes. + type: complex + contains: + fs_type: + description: + - Filesystem type to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + type: str + read_only: + description: + - Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: bool + secret_ref: + description: + - SecretRef specifies the secret to use for obtaining the + StorageOS API credentials. If not specified, default values + will be attempted. + type: complex + contains: + name: + description: + - Name of the referent. + type: str + volume_name: + description: + - VolumeName is the human-readable name of the StorageOS + volume. Volume names are only unique within a namespace. + type: str + volume_namespace: + description: + - VolumeNamespace specifies the scope of the volume within + StorageOS. If no namespace is specified then the Pod's + namespace will be used. This allows the Kubernetes name + scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within StorageOS + will be created. + type: str vsphere_volume: description: - VsphereVolume represents a vSphere volume attached and mounted 
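Review bot: the storageos `secret_ref` description says "If not specified, default values will be attempted" without naming those defaults; a fallback to built-in API credentials needs to be documented, or a reference given, so operators know to always supply a secret. `volume_namespace` also states that missing namespaces "will be created", which is a side effect on the storage backend and deserves its own sentence rather than a trailing remark. Minor: "it's keys" in the `optional` description at the top of this hunk should be "its keys".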
@@ -3833,6 +7853,15 @@ pod_security_policy_subject_review: by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: str + storage_policy_id: + description: + - Storage Policy Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: str + storage_policy_name: + description: + - Storage Policy Based Management (SPBM) profile name. + type: str volume_path: description: - Path that identifies vSphere volume vmdk diff --git a/library/openshift_v1_policy_binding.py b/library/openshift_v1_policy_binding.py deleted file mode 100644 index 2830e299..00000000 --- a/library/openshift_v1_policy_binding.py +++ /dev/null 
@@ -1,692 +0,0 @@ -#!/usr/bin/env python - -from ansible.module_utils.openshift_common import OpenShiftAnsibleModule, OpenShiftAnsibleException - -DOCUMENTATION = ''' -module: openshift_v1_policy_binding -short_description: OpenShift PolicyBinding -description: -- Manage the lifecycle of a policy_binding object. Supports check mode, and attempts - to to be idempotent. -version_added: 2.3.0 -author: OpenShift (@openshift) -options: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. They are - not queryable and should be preserved when modifying objects. - type: dict - api_key: - description: - - Token used to connect to the API. - cert_file: - description: - - Path to a certificate used to authenticate with the API. - type: path - context: - description: - - The name of a context found in the Kubernetes config file. - debug: - description: - - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log - default: false - type: bool - force: - description: - - If set to C(True), and I(state) is C(present), an existing object will updated, - and lists will be replaced, rather than merged. - default: false - type: bool - host: - description: - - Provide a URL for acessing the Kubernetes API. - key_file: - description: - - Path to a key file used to authenticate with the API. - type: path - kubeconfig: - description: - - Path to an existing Kubernetes config file. If not provided, and no other connection - options are provided, the openshift client will attempt to load the default - configuration file from I(~/.kube/config.json). - type: path - labels: - description: - - Map of string keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers and services. - type: dict - name: - description: - - Name must be unique within a namespace. 
Is required when creating resources, - although some resources may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation idempotence and - configuration definition. Cannot be updated. - namespace: - description: - - Namespace defines the space within each name must be unique. An empty namespace - is equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this - field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. - password: - description: - - Provide a password for connecting to the API. Use in conjunction with I(username). - policy_ref_api_version: - description: - - API version of the referent. - aliases: - - api_version - policy_ref_field_path: - description: - - 'If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would - take on a value like: "spec.containers{name}" (where "name" refers to the name - of the container that triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of an object.' - aliases: - - field_path - policy_ref_kind: - description: - - Kind of the referent. - aliases: - - kind - policy_ref_name: - description: - - Name of the referent. - aliases: - - name - policy_ref_namespace: - description: - - Namespace of the referent. - aliases: - - namespace - policy_ref_resource_version: - description: - - Specific resourceVersion to which this reference is made, if any. - aliases: - - resource_version - policy_ref_uid: - description: - - UID of the referent. 
- aliases: - - uid - resource_definition: - description: - - Provide the YAML definition for the object, bypassing any modules parameters - intended to define object attributes. - type: dict - role_bindings: - description: - - RoleBindings holds all the RoleBindings held by this PolicyBinding, mapped by - RoleBinding.Name - type: list - src: - description: - - Provide a path to a file containing the YAML definition of the object. Mutually - exclusive with I(resource_definition). - type: path - ssl_ca_cert: - description: - - Path to a CA certificate used to authenticate with the API. - type: path - state: - description: - - Determines if an object should be created, patched, or deleted. When set to - C(present), the object will be created, if it does not exist, or patched, if - parameter values differ from the existing object's attributes, and deleted, - if set to C(absent). A patch operation results in merging lists and updating - dictionaries, with lists being merged into a unique set of values. If a list - contains a dictionary with a I(name) or I(type) attribute, a strategic merge - is performed, where individual elements with a matching I(name_) or I(type) - are merged. To force the replacement of lists, set the I(force) option to C(True). - default: present - choices: - - present - - absent - username: - description: - - Provide a username for connecting to the API. - verify_ssl: - description: - - Whether or not to verify the API server's SSL certificates. - type: bool -requirements: -- openshift == 1.0.0-snapshot -''' - -EXAMPLES = ''' -''' - -RETURN = ''' -api_version: - type: string - description: Requested API version -policy_binding: - type: complex - returned: when I(state) = C(present) - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- type: str - kind: - description: - - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. - type: str - last_modified: - description: - - LastModified is the last time that any part of the PolicyBinding was created, - updated, or deleted - type: complex - contains: {} - metadata: - description: - - Standard object's metadata. - type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource that - may be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This is used to distinguish - resources with same name and namespace in different clusters. This field - is not set anywhere right now and apiserver is going to ignore it if set - in create or update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time when this - object was created. It is not guaranteed to be set in happens-before order - across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null - for lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate before - it will be removed from the system. Only set when deletionTimestamp is - also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this resource will - be deleted. This field is set by the server when a graceful deletion is - requested by the user, and is not directly settable by a client. 
The resource - is expected to be deleted (no longer visible from resource lists, and - not reachable by name) after the time in this field. Once set, this value - may not be unset or be set further into the future, although it may be - shortened or the resource may be deleted prior to this time. For example, - a user may request that a pod is deleted in 30 seconds. The Kubelet will - react by sending a graceful termination signal to the containers in the - pod. After that 30 seconds, the Kubelet will send a hard termination signal - (SIGKILL) to the container and after cleanup, remove the pod from the - API. In the presence of network partitions, this object may still exist - after this timestamp, until an administrator or automated process can - determine the resource is fully terminated. If not set, graceful deletion - of the object has not been requested. Populated by the system when a graceful - deletion is requested. Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. Each entry - is an identifier for the responsible component that will remove the entry - from the list. If the deletionTimestamp of the object is non-nil, entries - in this list can only be removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to generate a - unique name ONLY IF the Name field has not been provided. If this field - is used, the name returned to the client will be different than the name - passed. This value will also be combined with a unique suffix. The provided - value has the same validation rules as the Name field, and may be truncated - by the length of the suffix required to make the value unique on the server. 
- If this field is specified and the generated name exists, the server will - NOT return a 409 - instead, it will either return 201 Created or 500 with - Reason ServerTimeout indicating a unique name could not be found in the - time allotted, and the client should retry (optionally after the time - indicated in the Retry-After header). Applied only if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the desired state. - Populated by the system. Read-only. - type: int - labels: - description: - - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating resources, - although some resources may allow a client to request the generation of - an appropriate name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. An empty - namespace is equivalent to the "default" namespace, but "default" is the - canonical representation. Not all objects are required to be scoped to - a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in the list have - been deleted, this object will be garbage collected. If this object is - managed by a controller, then an entry in this list will point to this - controller, with the controller field set to true. There cannot be more - than one managing controller. - type: list - contains: - api_version: - description: - - API version of the referent. 
- type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this object that - can be used by clients to determine when objects have changed. May be - used for optimistic concurrency, change detection, and the watch operation - on a resource or set of resources. Clients must treat these values as - opaque and passed unmodified back to the server. They may only be valid - for a particular resource or set of resources. Populated by the system. - Read-only. Value must be treated as opaque by clients and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. It is typically - generated by the server on successful creation of a resource and is not - allowed to change on PUT operations. Populated by the system. Read-only. - type: str - policy_ref: - description: - - PolicyRef is a reference to the Policy that contains all the Roles that this - PolicyBinding's RoleBindings may reference - type: complex - contains: - api_version: - description: - - API version of the referent. - type: str - field_path: - description: - - 'If referring to a piece of an object instead of an entire object, this - string should contain a valid JSON/Go field access statement, such as - desiredState.manifest.containers[2]. 
For example, if the object reference - is to a container within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered the event) - or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined - way of referencing a part of an object.' - type: str - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - namespace: - description: - - Namespace of the referent. - type: str - resource_version: - description: - - Specific resourceVersion to which this reference is made, if any. - type: str - uid: - description: - - UID of the referent. - type: str - role_bindings: - description: - - RoleBindings holds all the RoleBindings held by this PolicyBinding, mapped - by RoleBinding.Name - type: list - contains: - name: - description: - - Name is the name of the role binding - type: str - role_binding: - description: - - RoleBinding is the role binding being named - type: complex - contains: - api_version: - description: - - APIVersion defines the versioned schema of this representation of - an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. - type: str - group_names: - description: - - GroupNames holds all the groups directly bound to the role. This field - should only be specified when supporting legacy clients and servers. - See Subjects for further details. - type: list - contains: str - kind: - description: - - Kind is a string value representing the REST resource this object - represents. Servers may infer this from the endpoint the client submits - requests to. Cannot be updated. In CamelCase. - type: str - metadata: - description: - - Standard object's metadata. 
- type: complex - contains: - annotations: - description: - - Annotations is an unstructured key value map stored with a resource - that may be set by external tools to store and retrieve arbitrary - metadata. They are not queryable and should be preserved when - modifying objects. - type: complex - contains: str, str - cluster_name: - description: - - The name of the cluster which the object belongs to. This is used - to distinguish resources with same name and namespace in different - clusters. This field is not set anywhere right now and apiserver - is going to ignore it if set in create or update request. - type: str - creation_timestamp: - description: - - CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in - happens-before order across separate operations. Clients may not - set this value. It is represented in RFC3339 form and is in UTC. - Populated by the system. Read-only. Null for lists. - type: complex - contains: {} - deletion_grace_period_seconds: - description: - - Number of seconds allowed for this object to gracefully terminate - before it will be removed from the system. Only set when deletionTimestamp - is also set. May only be shortened. Read-only. - type: int - deletion_timestamp: - description: - - DeletionTimestamp is RFC 3339 date and time at which this resource - will be deleted. This field is set by the server when a graceful - deletion is requested by the user, and is not directly settable - by a client. The resource is expected to be deleted (no longer - visible from resource lists, and not reachable by name) after - the time in this field. Once set, this value may not be unset - or be set further into the future, although it may be shortened - or the resource may be deleted prior to this time. For example, - a user may request that a pod is deleted in 30 seconds. The Kubelet - will react by sending a graceful termination signal to the containers - in the pod. 
After that 30 seconds, the Kubelet will send a hard - termination signal (SIGKILL) to the container and after cleanup, - remove the pod from the API. In the presence of network partitions, - this object may still exist after this timestamp, until an administrator - or automated process can determine the resource is fully terminated. - If not set, graceful deletion of the object has not been requested. - Populated by the system when a graceful deletion is requested. - Read-only. - type: complex - contains: {} - finalizers: - description: - - Must be empty before the object is deleted from the registry. - Each entry is an identifier for the responsible component that - will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. - type: list - contains: str - generate_name: - description: - - GenerateName is an optional prefix, used by the server, to generate - a unique name ONLY IF the Name field has not been provided. If - this field is used, the name returned to the client will be different - than the name passed. This value will also be combined with a - unique suffix. The provided value has the same validation rules - as the Name field, and may be truncated by the length of the suffix - required to make the value unique on the server. If this field - is specified and the generated name exists, the server will NOT - return a 409 - instead, it will either return 201 Created or 500 - with Reason ServerTimeout indicating a unique name could not be - found in the time allotted, and the client should retry (optionally - after the time indicated in the Retry-After header). Applied only - if Name is not specified. - type: str - generation: - description: - - A sequence number representing a specific generation of the desired - state. Populated by the system. Read-only. 
- type: int - labels: - description: - - Map of string keys and values that can be used to organize and - categorize (scope and select) objects. May match selectors of - replication controllers and services. - type: complex - contains: str, str - name: - description: - - Name must be unique within a namespace. Is required when creating - resources, although some resources may allow a client to request - the generation of an appropriate name automatically. Name is primarily - intended for creation idempotence and configuration definition. - Cannot be updated. - type: str - namespace: - description: - - Namespace defines the space within each name must be unique. An - empty namespace is equivalent to the "default" namespace, but - "default" is the canonical representation. Not all objects are - required to be scoped to a namespace - the value of this field - for those objects will be empty. Must be a DNS_LABEL. Cannot be - updated. - type: str - owner_references: - description: - - List of objects depended by this object. If ALL objects in the - list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - controller: - description: - - If true, this reference points to the managing controller. - type: bool - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - uid: - description: - - UID of the referent. - type: str - resource_version: - description: - - An opaque value that represents the internal version of this object - that can be used by clients to determine when objects have changed. 
- May be used for optimistic concurrency, change detection, and - the watch operation on a resource or set of resources. Clients - must treat these values as opaque and passed unmodified back to - the server. They may only be valid for a particular resource or - set of resources. Populated by the system. Read-only. Value must - be treated as opaque by clients and . - type: str - self_link: - description: - - SelfLink is a URL representing this object. Populated by the system. - Read-only. - type: str - uid: - description: - - UID is the unique in time and space value for this object. It - is typically generated by the server on successful creation of - a resource and is not allowed to change on PUT operations. Populated - by the system. Read-only. - type: str - role_ref: - description: - - RoleRef can only reference the current namespace and the global namespace. - If the RoleRef cannot be resolved, the Authorizer must return an error. - Since Policy is a singleton, this is sufficient knowledge to locate - a role. - type: complex - contains: - api_version: - description: - - API version of the referent. - type: str - field_path: - description: - - 'If referring to a piece of an object instead of an entire object, - this string should contain a valid JSON/Go field access statement, - such as desiredState.manifest.containers[2]. For example, if the - object reference is to a container within a pod, this would take - on a value like: "spec.containers{name}" (where "name" refers - to the name of the container that triggered the event) or if no - container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some - well-defined way of referencing a part of an object.' - type: str - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - namespace: - description: - - Namespace of the referent. 
- type: str - resource_version: - description: - - Specific resourceVersion to which this reference is made, if any. - type: str - uid: - description: - - UID of the referent. - type: str - subjects: - description: - - Subjects hold object references to authorize with this rule. This - field is ignored if UserNames or GroupNames are specified to support - legacy clients and servers. Thus newer clients that do not need to - support backwards compatibility should send only fully qualified Subjects - and should omit the UserNames and GroupNames fields. Clients that - need to support backwards compatibility can use this field to build - the UserNames and GroupNames. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - field_path: - description: - - 'If referring to a piece of an object instead of an entire object, - this string should contain a valid JSON/Go field access statement, - such as desiredState.manifest.containers[2]. For example, if the - object reference is to a container within a pod, this would take - on a value like: "spec.containers{name}" (where "name" refers - to the name of the container that triggered the event) or if no - container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some - well-defined way of referencing a part of an object.' - type: str - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - namespace: - description: - - Namespace of the referent. - type: str - resource_version: - description: - - Specific resourceVersion to which this reference is made, if any. - type: str - uid: - description: - - UID of the referent. - type: str - user_names: - description: - - UserNames holds all the usernames directly bound to the role. This - field should only be specified when supporting legacy clients and - servers. See Subjects for further details. 
- type: list - contains: str -''' - - -def main(): - try: - module = OpenShiftAnsibleModule('policy_binding', 'V1') - except OpenShiftAnsibleException as exc: - # The helper failed to init, so there is no module object. All we can do is raise the error. - raise Exception(exc.message) - - try: - module.execute_module() - except OpenShiftAnsibleException as exc: - module.fail_json(msg="Module failed!", error=str(exc)) - - -if __name__ == '__main__': - main() diff --git a/library/openshift_v1_project.py b/library/openshift_v1_project.py index 0886dce9..79164fd0 100644 --- a/library/openshift_v1_project.py +++ b/library/openshift_v1_project.py @@ -120,7 +120,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
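Review bot: in the requirements hunk for library/openshift_v1_project.py, the pin moves from `openshift == 1.0.0-snapshot` to `openshift == 0.3.1`, which reads as a downgrade under ordinary version ordering. If 0.3.1 is the first real release replacing a snapshot placeholder, the commit message should say so, so that anyone who installed against the old pin knows to reinstall rather than upgrade. An exact `==` pin also keeps users from picking up later client fixes; if the modules work with later 0.3.x releases, a bounded range would be easier to maintain than a single version.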
@@ -236,6 +236,150 @@ project: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -271,6 +415,14 @@ project: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_project_list.py b/library/openshift_v1_project_list.py index 0c3a3407..c34e899f 100644 --- a/library/openshift_v1_project_list.py +++ b/library/openshift_v1_project_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
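Review bot: the @@ -46,10 +46,6 @@ hunk of library/openshift_v1_project_list.py drops the `namespace` option from the documented options without a deprecation note. If the module's argument spec drops it as well, playbooks that still pass `namespace` to this module will fail after the upgrade, so this needs a changelog entry or a line in the commit message explaining why the option is gone and what callers should do instead.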
@@ -210,6 +206,153 @@ project_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ project_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_role.py b/library/openshift_v1_role.py index 557565f4..15078c6a 100644 --- a/library/openshift_v1_role.py +++ b/library/openshift_v1_role.py 
@@ -111,7 +111,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -218,6 +218,150 @@ role: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -253,6 +397,14 @@ role: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_role_binding.py b/library/openshift_v1_role_binding.py index 051462af..473589d7 100644 --- a/library/openshift_v1_role_binding.py +++ b/library/openshift_v1_role_binding.py 
@@ -169,7 +169,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
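Review bot: the requirements line in this hunk goes from `openshift == 1.0.0-snapshot` to `openshift == 0.3.1`, which reads as a downgrade to anyone comparing the two version strings, and nothing in the module text says which is newer. If 0.3.1 is the released client that supersedes the snapshot build, say so in the commit message or the module notes. Also confirm the exact `==` pin is intended. It stops users from picking up client fixes without regenerating these modules; if that coupling is deliberate, a one-line statement of it in the docs would save a support question.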
@@ -283,6 +283,150 @@ role_binding: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -318,6 +462,14 @@ role_binding: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_role_binding_list.py b/library/openshift_v1_role_binding_list.py index a137bec3..aac28a31 100644 --- a/library/openshift_v1_role_binding_list.py +++ b/library/openshift_v1_role_binding_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
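Review bot: the `@@ -46,10 +46,6` hunk deletes the `namespace` option from openshift_v1_role_binding_list with no replacement or deprecation text, so a playbook that still passes `namespace` has nothing in the docs explaining why it stopped working. If the list module now always queries across all namespaces, state that in the module description, because the calling account then needs list permission on role bindings beyond a single namespace. If per-namespace listing is still possible some other way, document how. The same removal is repeated in the other `*_list` modules in this patch, and the same wording would cover them.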
@@ -217,6 +213,153 @@ role_binding_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -253,6 +396,14 @@ role_binding_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_role_binding_restriction.py b/library/openshift_v1_role_binding_restriction.py index 8e267160..05432b89 100644 --- a/library/openshift_v1_role_binding_restriction.py +++ b/library/openshift_v1_role_binding_restriction.py 
@@ -151,7 +151,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -258,6 +258,150 @@ role_binding_restriction: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -293,6 +437,14 @@ role_binding_restriction: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_role_binding_restriction_list.py b/library/openshift_v1_role_binding_restriction_list.py index e3587408..f067f175 100644 --- a/library/openshift_v1_role_binding_restriction_list.py 
+++ b/library/openshift_v1_role_binding_restriction_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -210,6 +206,153 @@ role_binding_restriction_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ role_binding_restriction_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_role_list.py b/library/openshift_v1_role_list.py index 758f2c73..2862ac50 100644 --- a/library/openshift_v1_role_list.py +++ b/library/openshift_v1_role_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -210,6 +206,153 @@ role_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ role_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_route.py b/library/openshift_v1_route.py index 26887b41..4869fcdf 100644 --- a/library/openshift_v1_route.py +++ b/library/openshift_v1_route.py 
@@ -78,10 +78,9 @@ options: type: dict spec_alternate_backends: description: - - alternateBackends is an extension of the 'to' field. If more than one service - needs to be pointed to, then use this field. Use the weight field in RouteTargetReference - object to specify relative preference. If the weight field is zero, the backend - is ignored. + - alternateBackends allows up to 3 additional backends to be assigned to the route. + Only the Service kind is allowed, and it will be defaulted to Service. Use the + weight field in RouteTargetReference object to specify relative preference. aliases: - alternate_backends type: list @@ -118,7 +117,10 @@ options: description: - destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt termination this file should be provided - in order to have routers use it for health checks on the secure connection + in order to have routers use it for health checks on the secure connection. + If this field is not specified, the router may provide its own destination CA + and perform hostname validation using the short service name (service.namespace.svc), + which allows infrastructure generated certificates to automatically verify. aliases: - tls_destination_ca_certificate spec_tls_insecure_edge_termination_policy: @@ -153,8 +155,9 @@ options: - to_name spec_to_weight: description: - - weight as an integer between 1 and 256 that specifies the target's relative - weight against other target reference objects + - weight as an integer between 0 and 256, default 1, that specifies the target's + relative weight against other target reference objects. 0 suppresses requests + to this backend. aliases: - to_weight type: int @@ -195,7 +198,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
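Review bot: in the `@@ -118,7 +117,10` hunk, the new destinationCACertificate text says that when the field is omitted the router "may provide its own destination CA", which leaves open what validates the backend certificate on a reencrypt route when the router does not. Since this is the description users read when deciding whether to set `tls_destination_ca_certificate`, suggest adding a sentence that says to set it explicitly whenever the backend certificate is not one of the infrastructure generated certificates for `service.namespace.svc`, and what happens to the route if neither applies.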
@@ -230,10 +233,6 @@ EXAMPLES = ''' tls_termination: reencrypt spec_to_kind: Service spec_to_name: other-service-name - tls_destination_ca_certificate: |- - -----BEGIN CERTIFICATE----- - destination_cetricate_contents - -----END CERTIFICATE----- - name: Replace route openshift_v1_route.yml: @@ -245,18 +244,6 @@ EXAMPLES = ''' spec_to_kind: Service spec_to_name: whimsy-name tls_termination: edge - tls_key: |- - -----BEGIN PRIVATE KEY----- - key_file_contents - -----END PRIVATE KEY----- - tls_certificate: |- - -----BEGIN CERTIFICATE----- - certificate_contents - -----END CERTIFICATE----- - tls_ca_certificate: |- - -----BEGIN CERTIFICATE----- - ca_certificate_contents - -----END CERTIFICATE----- - name: Remove route openshift_v1_route.yml: 
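Review bot: in the "Replace route" example (`@@ -245,18 +244,6 @@`), `tls_termination: edge` is now left with no `tls_key`, `tls_certificate` or `tls_ca_certificate`, so these examples no longer show how PEM material is passed to the module, and the reader is not told which certificate an edge route serves when none is given. Either keep one example with clearly fake placeholder PEM blocks, or add a line to the example saying what happens when the certificate parameters are omitted. The same applies to the reencrypt example in the hunk before it, which drops `tls_destination_ca_certificate`.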
@@ -366,6 +353,150 @@ route: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -401,6 +532,14 @@ route: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -444,10 +583,10 @@ route: contains: alternate_backends: description: - - alternateBackends is an extension of the 'to' field. If more than one - service needs to be pointed to, then use this field. Use the weight field - in RouteTargetReference object to specify relative preference. If the - weight field is zero, the backend is ignored. + - alternateBackends allows up to 3 additional backends to be assigned to + the route. Only the Service kind is allowed, and it will be defaulted + to Service. Use the weight field in RouteTargetReference object to specify + relative preference. type: list contains: kind: @@ -462,8 +601,9 @@ route: type: str weight: description: - - weight as an integer between 1 and 256 that specifies the target's - relative weight against other target reference objects + - weight as an integer between 0 and 256, default 1, that specifies + the target's relative weight against other target reference objects. + 0 suppresses requests to this backend. type: int host: description: @@ -488,8 +628,7 @@ route: - The target port on pods selected by the service this route points to. If this is a string, it will be looked up as a named port in the target endpoints port list. Required - type: complex - contains: {} + type: str tls: description: - The tls field provides the ability to configure certificates and termination @@ -509,7 +648,10 @@ route: - destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt termination this file should be provided in order to have routers use it for health checks - on the secure connection + on the secure connection. If this field is not specified, the router + may provide its own destination CA and perform hostname validation + using the short service name (service.namespace.svc), which allows + infrastructure generated certificates to automatically verify. type: str insecure_edge_termination_policy: description: 
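Review bot: in the `destinationCACertificate` description (`@@ -509,7 +648,10 @@`), the added wording "the router may provide its own destination CA" leaves the reader unable to tell whether the backend certificate is actually verified on a reencrypt route when this field is omitted. Spell out the condition under which the router supplies a CA, and say what to do for backends whose certificates are not infrastructure generated (presumably set the field explicitly). The text also calls `service.namespace.svc` the "short service name"; confirm that this is the exact name the certificate must carry, since that is what hostname validation depends on.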
@@ -532,7 +674,8 @@ route: description: - to is an object the route should use as the primary backend. Only the Service kind is allowed, and it will be defaulted to Service. If the weight - field is set to zero, no traffic will be sent to this service. + field (0-256 default 1) is set to zero, no traffic will be sent to this + backend. type: complex contains: kind: @@ -547,8 +690,9 @@ route: type: str weight: description: - - weight as an integer between 1 and 256 that specifies the target's - relative weight against other target reference objects + - weight as an integer between 0 and 256, default 1, that specifies + the target's relative weight against other target reference objects. + 0 suppresses requests to this backend. type: int wildcard_policy: description: diff --git a/library/openshift_v1_route_list.py b/library/openshift_v1_route_list.py index 4f7ba813..1d90fbb3 100644 --- a/library/openshift_v1_route_list.py +++ b/library/openshift_v1_route_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
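Review bot: the `@@ -46,10 +46,6 @@` hunk in `openshift_v1_route_list.py` drops `namespace` from the documented options without a replacement, so there is no longer a documented way to scope a route listing to one namespace. If the argument spec drops the parameter as well, existing playbooks that pass `namespace` to this module will break; in that case call it out as a breaking change. If the parameter is still accepted, keep it documented.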
@@ -210,6 +206,153 @@ route_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -246,6 +389,14 @@ route_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -292,10 +443,10 @@ route_list: contains: alternate_backends: description: - - alternateBackends is an extension of the 'to' field. If more than - one service needs to be pointed to, then use this field. Use the weight - field in RouteTargetReference object to specify relative preference. - If the weight field is zero, the backend is ignored. + - alternateBackends allows up to 3 additional backends to be assigned + to the route. Only the Service kind is allowed, and it will be defaulted + to Service. Use the weight field in RouteTargetReference object to + specify relative preference. type: list contains: kind: @@ -310,8 +461,9 @@ route_list: type: str weight: description: - - weight as an integer between 1 and 256 that specifies the target's - relative weight against other target reference objects + - weight as an integer between 0 and 256, default 1, that specifies + the target's relative weight against other target reference objects. + 0 suppresses requests to this backend. type: int host: description: @@ -336,8 +488,7 @@ route_list: - The target port on pods selected by the service this route points to. If this is a string, it will be looked up as a named port in the target endpoints port list. Required - type: complex - contains: {} + type: str tls: description: - The tls field provides the ability to configure certificates and termination @@ -357,7 +508,11 @@ route_list: - destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt termination this file should be provided in order to have routers use it for health - checks on the secure connection + checks on the secure connection. If this field is not specified, + the router may provide its own destination CA and perform hostname + validation using the short service name (service.namespace.svc), + which allows infrastructure generated certificates to automatically + verify. type: str insecure_edge_termination_policy: description: 
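Review bot: in the `@@ -336,8 +488,7 @@` hunk, `type: str` for the target port contradicts the description directly above it, which says "If this is a string, it will be looked up as a named port" and so implies that a non-string value is also valid. Document both accepted forms, or reword the description so it matches a string-only type. The same change appears in the `route:` return block of `openshift_v1_route.py` and needs the same fix.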
@@ -380,8 +535,8 @@ route_list: description: - to is an object the route should use as the primary backend. Only the Service kind is allowed, and it will be defaulted to Service. - If the weight field is set to zero, no traffic will be sent to this - service. + If the weight field (0-256 default 1) is set to zero, no traffic will + be sent to this backend. type: complex contains: kind: @@ -396,8 +551,9 @@ route_list: type: str weight: description: - - weight as an integer between 1 and 256 that specifies the target's - relative weight against other target reference objects + - weight as an integer between 0 and 256, default 1, that specifies + the target's relative weight against other target reference objects. + 0 suppresses requests to this backend. type: int wildcard_policy: description: diff --git a/library/openshift_v1_security_context_constraints.py b/library/openshift_v1_security_context_constraints.py index 0bfbcec2..ce55de9d 100644 --- a/library/openshift_v1_security_context_constraints.py +++ b/library/openshift_v1_security_context_constraints.py @@ -45,6 +45,12 @@ options: You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use '*'. type: list + allowed_flex_volumes: + description: + - AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates + that all Flexvolumes may be used. This parameter is effective only when the + usage of the Flexvolumes is allowed in the "Volumes" field. + type: list annotations: description: - Annotations is an unstructured key value map stored with a resource that may 
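Review bot: the new `allowed_flex_volumes` option (`@@ -45,6 +45,12 @@`) is documented as a bare `type: list` with no description of its elements, while the return documentation later in this file shows each entry as an object with a `driver` key. Document the expected item shape on the option as well. Since "Empty or nil indicates that all Flexvolumes may be used", also make it explicit that leaving the option unset is allow-all once Flexvolumes are permitted in `Volumes`; a reader skimming a field called a whitelist will otherwise assume that unset means nothing is allowed.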
@@ -131,8 +137,10 @@ options: description: - Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. - The higher the int, the higher priority. If scores for multiple SCCs are equal - they will be sorted by name. + The higher the int, the higher priority. An unset value is considered a 0 priority. + If scores for multiple SCCs are equal they will be sorted from most restrictive + to least restrictive. If both priorities and restrictions are equal the SCCs + will be sorted by name. type: int read_only_root_filesystem: description: @@ -147,6 +155,11 @@ options: - RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added. type: list + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict run_as_user_type: description: - Type is the strategy that will dictate what RunAsUser is used in the SecurityContext. 
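Review bot: the `resource_definition` description (`@@ -147,6 +155,11 @@`) says it works by "bypassing any modules parameters" but does not say what happens when it is combined with the individual SCC parameters such as `priority` or `required_drop_capabilities`: are they ignored, merged, or rejected? For a security policy object that precedence needs to be stated, because a silently ignored parameter can leave a constraint looser than the playbook suggests. Also fix the wording to "module parameters".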
@@ -204,10 +217,29 @@ options: profiles. When used to generate a value for a pod the first non-wildcard profile will be used as the default. type: list + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). + type: path ssl_ca_cert: description: - Path to a CA certificate used to authenticate with the API. type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent supplemental_groups_ranges: description: - Ranges are the allowed ranges of supplemental groups. If you would like to force @@ -237,10 +269,10 @@ options: description: - Volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names of a VolumeSource (azureFile, configMap, emptyDir). To - allow all volumes you may use '*'. + allow all volumes you may use "*". To allow no volumes, set to ["none"]. type: list requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' @@ -252,7 +284,7 @@ api_version: description: Requested API version security_context_constraints: type: complex - returned: on success + returned: when I(state) = C(present) contains: allow_host_dir_volume_plugin: description: 
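Review bot: in the `state` description (`@@ -204,10 +217,29 @@`), `I(name_)` has a stray underscore and should read `I(name)`, and the text points users to an `I(force)` option that none of the option hunks shown here document. Add `force` to the options or drop the reference. The first sentence is also hard to parse ("and deleted, if set to C(absent)" hangs off the description of `present`); split it into one sentence per state. Given that a patch merges lists "into a unique set of values", note that removing an entry from a list parameter such as `volumes` or `allowed_capabilities` will not remove it from the existing SCC unless replacement is forced.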
@@ -289,6 +321,17 @@ security_context_constraints: RequiredDropCapabilities. To allow all capabilities you may use '*'. type: list contains: str + allowed_flex_volumes: + description: + - AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates + that all Flexvolumes may be used. This parameter is effective only when the + usage of the Flexvolumes is allowed in the "Volumes" field. + type: list + contains: + driver: + description: + - Driver is the name of the Flexvolume driver. + type: str api_version: description: - APIVersion defines the versioned schema of this representation of an object. 
@@ -417,6 +460,150 @@ security_context_constraints: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -452,6 +639,14 @@ security_context_constraints: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -492,8 +687,10 @@ security_context_constraints: description: - Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. - The higher the int, the higher priority. If scores for multiple SCCs are equal - they will be sorted by name. + The higher the int, the higher priority. An unset value is considered a 0 + priority. If scores for multiple SCCs are equal they will be sorted from most + restrictive to least restrictive. If both priorities and restrictions are + equal the SCCs will be sorted by name. type: int read_only_root_filesystem: description: @@ -608,7 +805,7 @@ security_context_constraints: description: - Volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names of a VolumeSource (azureFile, configMap, emptyDir). To - allow all volumes you may use '*'. + allow all volumes you may use "*". To allow no volumes, set to ["none"]. type: list contains: str ''' diff --git a/library/openshift_v1_security_context_constraints_list.py b/library/openshift_v1_security_context_constraints_list.py index c44ccdef..4e3f9451 100644 --- a/library/openshift_v1_security_context_constraints_list.py +++ b/library/openshift_v1_security_context_constraints_list.py 
@@ -46,17 +46,37 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). + type: path ssl_ca_cert: description: - Path to a CA certificate used to authenticate with the API. type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent username: description: - Provide a username for connecting to the API. @@ -65,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
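Review bot: the `@@ -46,17 +46,37 @@` hunk gives `openshift_v1_security_context_constraints_list` a `state` option with `present`/`absent`, plus `resource_definition` and `src`, but the descriptions are copied from the single-object module and never say what creating, patching or deleting means for a list. If this module can now delete SCCs with `state: absent`, say so explicitly and describe which objects are affected; if it remains read-only in practice, drop these options from its documentation. The copied text also carries the `I(name_)` typo and the reference to an undocumented `I(force)` option.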
@@ -77,7 +97,7 @@ api_version: description: Requested API version security_context_constraints_list: type: complex - returned: on success + returned: when I(state) = C(present) contains: api_version: description: @@ -125,6 +145,17 @@ security_context_constraints_list: and RequiredDropCapabilities. To allow all capabilities you may use '*'. type: list contains: str + allowed_flex_volumes: + description: + - AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil + indicates that all Flexvolumes may be used. This parameter is effective + only when the usage of the Flexvolumes is allowed in the "Volumes" field. + type: list + contains: + driver: + description: + - Driver is the name of the Flexvolume driver. + type: str api_version: description: - APIVersion defines the versioned schema of this representation of an object. 
@@ -259,6 +290,153 @@ security_context_constraints_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. 
Each reason may + define its own extended details. This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). 
+ type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -295,6 +473,14 @@ security_context_constraints_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
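Review bot: in the `initializers` hunk, the `field` description under `details.causes` runs its two examples together: 'Examples: "name" - the field "name" on the current resource "items[0].name" - the field "name" on the first array entry in "items"'. Without a separator it reads as if "items[0].name" belongs to the first example. Suggest a semicolon or separate list items between the two, fixed wherever this text is generated, because the same block appears again in the `template:` return documentation later in the patch.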
@@ -338,8 +524,10 @@ security_context_constraints_list: description: - Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and - Groups fields. The higher the int, the higher priority. If scores for - multiple SCCs are equal they will be sorted by name. + Groups fields. The higher the int, the higher priority. An unset value + is considered a 0 priority. If scores for multiple SCCs are equal they + will be sorted from most restrictive to least restrictive. If both priorities + and restrictions are equal the SCCs will be sorted by name. type: int read_only_root_filesystem: description: @@ -457,7 +645,8 @@ security_context_constraints_list: description: - Volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names of a VolumeSource (azureFile, configMap, - emptyDir). To allow all volumes you may use '*'. + emptyDir). To allow all volumes you may use "*". To allow no volumes, + set to ["none"]. type: list contains: str kind: diff --git a/library/openshift_v1_self_subject_rules_review.py b/library/openshift_v1_self_subject_rules_review.py index 15937e11..3f38e08e 100644 --- a/library/openshift_v1_self_subject_rules_review.py +++ b/library/openshift_v1_self_subject_rules_review.py @@ -67,7 +67,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' diff --git a/library/openshift_v1_subject_rules_review.py b/library/openshift_v1_subject_rules_review.py index 83933afe..0c2e363d 100644 --- a/library/openshift_v1_subject_rules_review.py +++ b/library/openshift_v1_subject_rules_review.py @@ -79,7 +79,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
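Review bot: the requirement changes from `openshift == 1.0.0-snapshot` to `openshift == 0.3.1` in each of the module hunks above, which reads as a move to a lower version number under an exact pin, and nothing in the visible lines says why. Suggest the commit message state that 0.3.1 is the intended client release for these regenerated modules, and that the author confirm an exact `==` is wanted, since it also excludes later patch releases of the client.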
diff --git a/library/openshift_v1_template.py b/library/openshift_v1_template.py index 920447b4..a46d90da 100644 --- a/library/openshift_v1_template.py +++ b/library/openshift_v1_template.py @@ -127,7 +127,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -248,6 +248,150 @@ template: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -283,6 +427,14 @@ template: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_template_instance.py b/library/openshift_v1_template_instance.py new file mode 100644 index 00000000..d274e3f9 --- /dev/null +++ b/library/openshift_v1_template_instance.py 
@@ -0,0 +1,1094 @@ +#!/usr/bin/env python + +from ansible.module_utils.openshift_common import OpenShiftAnsibleModule, OpenShiftAnsibleException + +DOCUMENTATION = ''' +module: openshift_v1_template_instance +short_description: OpenShift TemplateInstance +description: +- Manage the lifecycle of a template_instance object. Supports check mode, and attempts + to to be idempotent. +version_added: 2.3.0 +author: OpenShift (@openshift) +options: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. They are + not queryable and should be preserved when modifying objects. + type: dict + api_key: + description: + - Token used to connect to the API. + cert_file: + description: + - Path to a certificate used to authenticate with the API. + type: path + context: + description: + - The name of a context found in the Kubernetes config file. + debug: + description: + - Enable debug output from the OpenShift helper. Logging info is written to KubeObjHelper.log + default: false + type: bool + force: + description: + - If set to C(True), and I(state) is C(present), an existing object will updated, + and lists will be replaced, rather than merged. + default: false + type: bool + host: + description: + - Provide a URL for acessing the Kubernetes API. + key_file: + description: + - Path to a key file used to authenticate with the API. + type: path + kubeconfig: + description: + - Path to an existing Kubernetes config file. If not provided, and no other connection + options are provided, the openshift client will attempt to load the default + configuration file from I(~/.kube/config.json). + type: path + labels: + description: + - Map of string keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers and services. 
+ type: dict + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation idempotence and + configuration definition. Cannot be updated. + namespace: + description: + - Namespace defines the space within each name must be unique. An empty namespace + is equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this + field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. + password: + description: + - Provide a password for connecting to the API. Use in conjunction with I(username). + resource_definition: + description: + - Provide the YAML definition for the object, bypassing any modules parameters + intended to define object attributes. + type: dict + spec_requester_extra: + description: + - extra holds additional information provided by the authenticator. + aliases: + - requester_extra + type: dict + spec_requester_groups: + description: + - groups represent the groups this user is a part of. + aliases: + - requester_groups + type: list + spec_requester_uid: + description: + - uid is a unique value that identifies this user across time; if this user is + deleted and another user by the same name is added, they will have different + UIDs. + aliases: + - requester_uid + spec_requester_username: + description: + - username uniquely identifies this user among all active users. + aliases: + - requester_username + spec_secret_name: + description: + - Name of the referent. + aliases: + - secret_name + spec_template_api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ aliases: + - api_version + spec_template_kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + aliases: + - kind + spec_template_labels: + description: + - labels is a optional set of labels that are applied to every object during the + Template to Config transformation. + aliases: + - labels + type: dict + spec_template_message: + description: + - message is an optional instructional message that will be displayed when this + template is instantiated. This field should inform the user how to utilize the + newly created resources. Parameter substitution will be performed on the message + before being displayed so that generated credentials and other parameters can + be included in the output. + aliases: + - message + spec_template_metadata_annotations: + description: + - Annotations is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. They are + not queryable and should be preserved when modifying objects. + type: dict + spec_template_metadata_labels: + description: + - Map of string keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers and services. + type: dict + spec_template_metadata_name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation idempotence and + configuration definition. Cannot be updated. + spec_template_metadata_namespace: + description: + - Namespace defines the space within each name must be unique. An empty namespace + is equivalent to the "default" namespace, but "default" is the canonical representation. 
+ Not all objects are required to be scoped to a namespace - the value of this + field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. + spec_template_objects: + description: + - objects is an array of resources to include in this template. If a namespace + value is hardcoded in the object, it will be removed during template instantiation, + however if the namespace value is, or contains, a ${PARAMETER_REFERENCE}, the + resolved value after parameter substitution will be respected and the object + will be created in that namespace. + aliases: + - objects + type: list + spec_template_parameters: + description: + - parameters is an optional array of Parameters used during the Template to Config + transformation. + aliases: + - parameters + type: list + src: + description: + - Provide a path to a file containing the YAML definition of the object. Mutually + exclusive with I(resource_definition). + type: path + ssl_ca_cert: + description: + - Path to a CA certificate used to authenticate with the API. + type: path + state: + description: + - Determines if an object should be created, patched, or deleted. When set to + C(present), the object will be created, if it does not exist, or patched, if + parameter values differ from the existing object's attributes, and deleted, + if set to C(absent). A patch operation results in merging lists and updating + dictionaries, with lists being merged into a unique set of values. If a list + contains a dictionary with a I(name) or I(type) attribute, a strategic merge + is performed, where individual elements with a matching I(name_) or I(type) + are merged. To force the replacement of lists, set the I(force) option to C(True). + default: present + choices: + - present + - absent + username: + description: + - Provide a username for connecting to the API. + verify_ssl: + description: + - Whether or not to verify the API server's SSL certificates. 
+ type: bool +requirements: +- openshift == 0.3.1 +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +api_version: + type: string + description: Requested API version +template_instance: + type: complex + returned: when I(state) = C(present) + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + metadata: + description: + - Standard object metadata. + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used to distinguish + resources with same name and namespace in different clusters. This field + is not set anywhere right now and apiserver is going to ignore it if set + in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time when this + object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null + for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate before + it will be removed from the system. Only set when deletionTimestamp is + also set. 
May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource will + be deleted. This field is set by the server when a graceful deletion is + requested by the user, and is not directly settable by a client. The resource + is expected to be deleted (no longer visible from resource lists, and + not reachable by name) after the time in this field. Once set, this value + may not be unset or be set further into the future, although it may be + shortened or the resource may be deleted prior to this time. For example, + a user may request that a pod is deleted in 30 seconds. The Kubelet will + react by sending a graceful termination signal to the containers in the + pod. After that 30 seconds, the Kubelet will send a hard termination signal + (SIGKILL) to the container and after cleanup, remove the pod from the + API. In the presence of network partitions, this object may still exist + after this timestamp, until an administrator or automated process can + determine the resource is fully terminated. If not set, graceful deletion + of the object has not been requested. Populated by the system when a graceful + deletion is requested. Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. Each entry + is an identifier for the responsible component that will remove the entry + from the list. If the deletionTimestamp of the object is non-nil, entries + in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate a + unique name ONLY IF the Name field has not been provided. If this field + is used, the name returned to the client will be different than the name + passed. This value will also be combined with a unique suffix. 
The provided + value has the same validation rules as the Name field, and may be truncated + by the length of the suffix required to make the value unique on the server. + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with + Reason ServerTimeout indicating a unique name could not be found in the + time allotted, and the client should retry (optionally after the time + indicated in the Retry-After header). Applied only if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. 
+ type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. 
+ type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and categorize + (scope and select) objects. 
May match selectors of replication controllers + and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating resources, + although some resources may allow a client to request the generation of + an appropriate name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An empty + namespace is equivalent to the "default" namespace, but "default" is the + canonical representation. Not all objects are required to be scoped to + a namespace - the value of this field for those objects will be empty. + Must be a DNS_LABEL. Cannot be updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is + managed by a controller, then an entry in this list will point to this + controller, with the controller field set to true. There cannot be more + than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. + type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. 
+ type: str + resource_version: + description: + - An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be + used for optimistic concurrency, change detection, and the watch operation + on a resource or set of resources. Clients must treat these values as + opaque and passed unmodified back to the server. They may only be valid + for a particular resource or set of resources. Populated by the system. + Read-only. Value must be treated as opaque by clients and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. It is typically + generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. Populated by the system. Read-only. + type: str + spec: + description: + - spec describes the desired state of this TemplateInstance. + type: complex + contains: + requester: + description: + - requester holds the identity of the agent requesting the template instantiation. + type: complex + contains: + extra: + description: + - extra holds additional information provided by the authenticator. + type: complex + contains: str, list[str] + groups: + description: + - groups represent the groups this user is a part of. + type: list + contains: str + uid: + description: + - uid is a unique value that identifies this user across time; if this + user is deleted and another user by the same name is added, they will + have different UIDs. + type: str + username: + description: + - username uniquely identifies this user among all active users. + type: str + secret: + description: + - secret is a reference to a Secret object containing the necessary template + parameters. + type: complex + contains: + name: + description: + - Name of the referent. 
+ type: str + template: + description: + - template is a full copy of the template for instantiation. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation of + an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. Servers may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. + type: str + labels: + description: + - labels is a optional set of labels that are applied to every object + during the Template to Config transformation. + type: complex + contains: str, str + message: + description: + - message is an optional instructional message that will be displayed + when this template is instantiated. This field should inform the user + how to utilize the newly created resources. Parameter substitution + will be performed on the message before being displayed so that generated + credentials and other parameters can be included in the output. + type: str + metadata: + description: + - Standard object's metadata. + type: complex + contains: + annotations: + description: + - Annotations is an unstructured key value map stored with a resource + that may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when + modifying objects. + type: complex + contains: str, str + cluster_name: + description: + - The name of the cluster which the object belongs to. This is used + to distinguish resources with same name and namespace in different + clusters. This field is not set anywhere right now and apiserver + is going to ignore it if set in create or update request. + type: str + creation_timestamp: + description: + - CreationTimestamp is a timestamp representing the server time + when this object was created. 
It is not guaranteed to be set in + happens-before order across separate operations. Clients may not + set this value. It is represented in RFC3339 form and is in UTC. + Populated by the system. Read-only. Null for lists. + type: complex + contains: {} + deletion_grace_period_seconds: + description: + - Number of seconds allowed for this object to gracefully terminate + before it will be removed from the system. Only set when deletionTimestamp + is also set. May only be shortened. Read-only. + type: int + deletion_timestamp: + description: + - DeletionTimestamp is RFC 3339 date and time at which this resource + will be deleted. This field is set by the server when a graceful + deletion is requested by the user, and is not directly settable + by a client. The resource is expected to be deleted (no longer + visible from resource lists, and not reachable by name) after + the time in this field. Once set, this value may not be unset + or be set further into the future, although it may be shortened + or the resource may be deleted prior to this time. For example, + a user may request that a pod is deleted in 30 seconds. The Kubelet + will react by sending a graceful termination signal to the containers + in the pod. After that 30 seconds, the Kubelet will send a hard + termination signal (SIGKILL) to the container and after cleanup, + remove the pod from the API. In the presence of network partitions, + this object may still exist after this timestamp, until an administrator + or automated process can determine the resource is fully terminated. + If not set, graceful deletion of the object has not been requested. + Populated by the system when a graceful deletion is requested. + Read-only. + type: complex + contains: {} + finalizers: + description: + - Must be empty before the object is deleted from the registry. + Each entry is an identifier for the responsible component that + will remove the entry from the list. 
If the deletionTimestamp + of the object is non-nil, entries in this list can only be removed. + type: list + contains: str + generate_name: + description: + - GenerateName is an optional prefix, used by the server, to generate + a unique name ONLY IF the Name field has not been provided. If + this field is used, the name returned to the client will be different + than the name passed. This value will also be combined with a + unique suffix. The provided value has the same validation rules + as the Name field, and may be truncated by the length of the suffix + required to make the value unique on the server. If this field + is specified and the generated name exists, the server will NOT + return a 409 - instead, it will either return 201 Created or 500 + with Reason ServerTimeout indicating a unique name could not be + found in the time allotted, and the client should retry (optionally + after the time indicated in the Retry-After header). Applied only + if Name is not specified. + type: str + generation: + description: + - A sequence number representing a specific generation of the desired + state. Populated by the system. Read-only. + type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers + that have not yet acted on this object. If nil or empty, this + object has been completely initialized. Otherwise, the object + is considered uninitialized and is hidden (in list/watch and get + calls) from clients that haven't explicitly asked to observe uninitialized + objects. When an object is created, the system will populate this + list with the current set of initializers. Only privileged users + may set or modify this list. Once it is empty, it may not be modified + further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order + before this object is visible. 
When the last pending initializer + is removed, and no failing result is set, the initializers + struct will be set to nil and the object is considered as + initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will be + persisted to storage and then deleted, ensuring that other + clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. This field is optional + and the data returned is not guaranteed to conform to + any schema except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this + error, as named by its JSON serialization. May + include dot and postfix notation for nested attributes. + Arrays are zero-indexed. Fields may appear more + than once in an array of causes due to fields + having multiple errors. Optional. Examples: "name" + - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in + "items"' + type: str + message: + description: + - A human-readable description of the cause of the + error. This field may be presented as-is to a + reader. 
+ type: str + reason: + description: + - A machine-readable description of the cause of + the error. If this value is empty there is no + information available. + type: str + group: + description: + - The group attribute of the resource associated with + the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with + the status StatusReason. On some operations may differ + from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with + the status StatusReason (when there is a single name + which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. Servers may infer this from the + endpoint the client submits requests to. Cannot be updated. + In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to determine + when objects have changed. Value must be treated as + opaque by clients and passed unmodified back to the + server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is + in the "Failure" status. If this value is empty there + is no information available. A Reason clarifies an HTTP + status code but does not override it. 
+ type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str + labels: + description: + - Map of string keys and values that can be used to organize and + categorize (scope and select) objects. May match selectors of + replication controllers and services. + type: complex + contains: str, str + name: + description: + - Name must be unique within a namespace. Is required when creating + resources, although some resources may allow a client to request + the generation of an appropriate name automatically. Name is primarily + intended for creation idempotence and configuration definition. + Cannot be updated. + type: str + namespace: + description: + - Namespace defines the space within each name must be unique. An + empty namespace is equivalent to the "default" namespace, but + "default" is the canonical representation. Not all objects are + required to be scoped to a namespace - the value of this field + for those objects will be empty. Must be a DNS_LABEL. Cannot be + updated. + type: str + owner_references: + description: + - List of objects depended by this object. If ALL objects in the + list have been deleted, this object will be garbage collected. + If this object is managed by a controller, then an entry in this + list will point to this controller, with the controller field + set to true. There cannot be more than one managing controller. + type: list + contains: + api_version: + description: + - API version of the referent. + type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store + until this reference is removed. Defaults to false. To set + this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: bool + controller: + description: + - If true, this reference points to the managing controller. 
+ type: bool + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + uid: + description: + - UID of the referent. + type: str + resource_version: + description: + - An opaque value that represents the internal version of this object + that can be used by clients to determine when objects have changed. + May be used for optimistic concurrency, change detection, and + the watch operation on a resource or set of resources. Clients + must treat these values as opaque and passed unmodified back to + the server. They may only be valid for a particular resource or + set of resources. Populated by the system. Read-only. Value must + be treated as opaque by clients and . + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the system. + Read-only. + type: str + uid: + description: + - UID is the unique in time and space value for this object. It + is typically generated by the server on successful creation of + a resource and is not allowed to change on PUT operations. Populated + by the system. Read-only. + type: str + objects: + description: + - objects is an array of resources to include in this template. If a + namespace value is hardcoded in the object, it will be removed during + template instantiation, however if the namespace value is, or contains, + a ${PARAMETER_REFERENCE}, the resolved value after parameter substitution + will be respected and the object will be created in that namespace. + type: list + contains: + raw: + description: + - Raw is the underlying serialization of this object. + type: str + parameters: + description: + - parameters is an optional array of Parameters used during the Template + to Config transformation. + type: list + contains: + _from: + description: + - From is an input value for the generator. Optional. + type: str + description: + description: + - Description of a parameter. Optional. 
+ type: str + display_name: + description: + - "Optional: The name that will show in UI instead of parameter\ + \ 'Name'" + type: str + generate: + description: + - 'generate specifies the generator to be used to generate random + string from an input value specified by From field. The result + string is stored into Value field. If empty, no generator is being + used, leaving the result Value untouched. Optional. The only supported + generator is "expression", which accepts a "from" value in the + form of a simple regular expression containing the range expression + "[a-zA-Z0-9]", and the length expression "a{length}". Examples: + from | value ----------------------------- "test[0-9]{1}x" | "test7x" + "[0-1]{8}" | "01001100" "0x[A-F0-9]{4}" | "0xB3AF" "[a-zA-Z0-9]{8}" + | "hW4yQU5i"' + type: str + name: + description: + - Name must be set and it can be referenced in Template Items using + ${PARAMETER_NAME}. Required. + type: str + required: + description: + - 'Optional: Indicates the parameter must have a value. Defaults + to false.' + type: bool + value: + description: + - Value holds the Parameter data. If specified, the generator will + be ignored. The value replaces all occurrences of the Parameter + ${Name} expression during the Template to Config transformation. + Optional. + type: str + status: + description: + - status describes the current state of this TemplateInstance. + type: complex + contains: + conditions: + description: + - conditions represent the latest available observations of a TemplateInstance's + current state. + type: list + contains: + last_transition_time: + description: + - LastTransitionTime is the last time a condition status transitioned + from one state to another. + type: complex + contains: {} + message: + description: + - Message is a human readable description of the details of the last + transition, complementing reason. 
+ type: str + reason: + description: + - Reason is a brief machine readable explanation for the condition's + last transition. + type: str + status: + description: + - Status of the condition, one of True, False or Unknown. + type: str + type: + description: + - Type of the condition, currently Ready or InstantiateFailure. + type: str + objects: + description: + - Objects references the objects created by the TemplateInstance. + type: list + contains: + ref: + description: + - ref is a reference to the created object. When used under .spec, only + name and namespace are used; these can contain references to parameters + which will be substituted following the usual rules. + type: complex + contains: + api_version: + description: + - API version of the referent. + type: str + field_path: + description: + - 'If referring to a piece of an object instead of an entire object, + this string should contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For example, if the + object reference is to a container within a pod, this would take + on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some + well-defined way of referencing a part of an object.' + type: str + kind: + description: + - Kind of the referent. + type: str + name: + description: + - Name of the referent. + type: str + namespace: + description: + - Namespace of the referent. + type: str + resource_version: + description: + - Specific resourceVersion to which this reference is made, if any. + type: str + uid: + description: + - UID of the referent. + type: str +''' + + +def main(): + try: + module = OpenShiftAnsibleModule('template_instance', 'V1') + except OpenShiftAnsibleException as exc: + # The helper failed to init, so there is no module object. 
All we can do is raise the error. + raise Exception(exc.message) + + try: + module.execute_module() + except OpenShiftAnsibleException as exc: + module.fail_json(msg="Module failed!", error=str(exc)) + + +if __name__ == '__main__': + main() diff --git a/library/openshift_v1_policy_binding_list.py b/library/openshift_v1_template_instance_list.py similarity index 51% rename from library/openshift_v1_policy_binding_list.py rename to library/openshift_v1_template_instance_list.py index bd57d659..48e6cfe4 100644 --- a/library/openshift_v1_policy_binding_list.py +++ b/library/openshift_v1_template_instance_list.py @@ -3,11 +3,11 @@ from ansible.module_utils.openshift_common import OpenShiftAnsibleModule, OpenShiftAnsibleException DOCUMENTATION = ''' -module: openshift_v1_policy_binding_list -short_description: OpenShift PolicyBindingList +module: openshift_v1_template_instance_list +short_description: OpenShift TemplateInstanceList description: -- Retrieve a list of policy_bindings. List operations provide a snapshot read of the - underlying objects, returning a resource_version representing a consistent version +- Retrieve a list of template_instances. List operations provide a snapshot read of + the underlying objects, returning a resource_version representing a consistent version of the listed objects. version_added: 2.3.0 author: OpenShift (@openshift) @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). 
@@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' @@ -99,7 +95,7 @@ RETURN = ''' api_version: type: string description: Requested API version -policy_binding_list: +template_instance_list: type: complex returned: when I(state) = C(present) contains: @@ -111,7 +107,7 @@ policy_binding_list: type: str items: description: - - Items is a list of PolicyBindings + - items is a list of Templateinstances type: list contains: api_version: @@ -126,15 +122,9 @@ policy_binding_list: Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. type: str - last_modified: - description: - - LastModified is the last time that any part of the PolicyBinding was created, - updated, or deleted - type: complex - contains: {} metadata: description: - - Standard object's metadata. + - Standard object metadata. type: complex contains: annotations: 
@@ -216,6 +206,153 @@ policy_binding_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -252,6 +389,14 @@ policy_binding_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -291,61 +436,50 @@ policy_binding_list: not allowed to change on PUT operations. Populated by the system. Read-only. type: str - policy_ref: + spec: description: - - PolicyRef is a reference to the Policy that contains all the Roles that - this PolicyBinding's RoleBindings may reference + - spec describes the desired state of this TemplateInstance. type: complex contains: - api_version: + requester: description: - - API version of the referent. - type: str - field_path: + - requester holds the identity of the agent requesting the template + instantiation. + type: complex + contains: + extra: + description: + - extra holds additional information provided by the authenticator. + type: complex + contains: str, list[str] + groups: + description: + - groups represent the groups this user is a part of. + type: list + contains: str + uid: + description: + - uid is a unique value that identifies this user across time; if + this user is deleted and another user by the same name is added, + they will have different UIDs. + type: str + username: + description: + - username uniquely identifies this user among all active users. + type: str + secret: description: - - 'If referring to a piece of an object instead of an entire object, - this string should contain a valid JSON/Go field access statement, - such as desiredState.manifest.containers[2]. For example, if the object - reference is to a container within a pod, this would take on a value - like: "spec.containers{name}" (where "name" refers to the name of - the container that triggered the event) or if no container name is - specified "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way of referencing - a part of an object.' - type: str - kind: + - secret is a reference to a Secret object containing the necessary + template parameters. + type: complex + contains: + name: + description: + - Name of the referent. 
+ type: str + template: description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - namespace: - description: - - Namespace of the referent. - type: str - resource_version: - description: - - Specific resourceVersion to which this reference is made, if any. - type: str - uid: - description: - - UID of the referent. - type: str - role_bindings: - description: - - RoleBindings holds all the RoleBindings held by this PolicyBinding, mapped - by RoleBinding.Name - type: list - contains: - name: - description: - - Name is the name of the role binding - type: str - role_binding: - description: - - RoleBinding is the role binding being named + - template is a full copy of the template for instantiation. type: complex contains: api_version: 
@@ -354,19 +488,27 @@ policy_binding_list: of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. type: str - group_names: - description: - - GroupNames holds all the groups directly bound to the role. This - field should only be specified when supporting legacy clients - and servers. See Subjects for further details. - type: list - contains: str kind: description: - Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. type: str + labels: + description: + - labels is a optional set of labels that are applied to every object + during the Template to Config transformation. + type: complex + contains: str, str + message: + description: + - message is an optional instructional message that will be displayed + when this template is instantiated. This field should inform the + user how to utilize the newly created resources. Parameter substitution + will be performed on the message before being displayed so that + generated credentials and other parameters can be included in + the output. + type: str metadata: description: - Standard object's metadata. 
@@ -458,6 +600,162 @@ policy_binding_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system + invariant at object creation time. This field is a list of + initializers that have not yet acted on this object. If nil + or empty, this object has been completely initialized. Otherwise, + the object is considered uninitialized and is hidden (in list/watch + and get calls) from clients that haven't explicitly asked + to observe uninitialized objects. When an object is created, + the system will populate this list with the current set of + initializers. Only privileged users may set or modify this + list. Once it is empty, it may not be modified further by + any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in + order before this object is visible. When the last pending + initializer is removed, and no failing result is set, + the initializers struct will be set to nil and the object + is considered as initialized and visible to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing + this object. + type: str + result: + description: + - If result is set with the Failure field, the object will + be persisted to storage and then deleted, ensuring that + other clients can observe the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas + to the latest internal value, and may reject unrecognized + values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not + set. + type: int + details: + description: + - Extended data associated with the reason. Each reason + may define its own extended details. 
This field is + optional and the data returned is not guaranteed to + conform to any schema except that defined by the reason + type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated + with the StatusReason failure. Not all StatusReasons + may provide detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused + this error, as named by its JSON serialization. + May include dot and postfix notation for nested + attributes. Arrays are zero-indexed. Fields + may appear more than once in an array of causes + due to fields having multiple errors. Optional. + Examples: "name" - the field "name" on the + current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause + of the error. This field may be presented + as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause + of the error. If this value is empty there + is no information available. + type: str + group: + description: + - The group attribute of the resource associated + with the status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated + with the status StatusReason. On some operations + may differ from the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated + with the status StatusReason (when there is a + single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from + the endpoint the client submits requests to. Cannot + be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this + operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version + of this object that can be used by clients to + determine when objects have changed. Value must + be treated as opaque by clients and passed unmodified + back to the server. Populated by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation + is in the "Failure" status. If this value is empty + there is no information available. A Reason clarifies + an HTTP status code but does not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize @@ -496,6 +794,15 @@ policy_binding_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. Defaults to false. + To set this field, a user needs "delete" permission of + the owner, otherwise 422 (Unprocessable Entity) will be + returned. + type: bool controller: description: - If true, this reference points to the managing controller. 
@@ -536,12 +843,114 @@ policy_binding_list: of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. type: str - role_ref: + objects: description: - - RoleRef can only reference the current namespace and the global - namespace. If the RoleRef cannot be resolved, the Authorizer must - return an error. Since Policy is a singleton, this is sufficient - knowledge to locate a role. + - objects is an array of resources to include in this template. + If a namespace value is hardcoded in the object, it will be removed + during template instantiation, however if the namespace value + is, or contains, a ${PARAMETER_REFERENCE}, the resolved value + after parameter substitution will be respected and the object + will be created in that namespace. + type: list + contains: + raw: + description: + - Raw is the underlying serialization of this object. + type: str + parameters: + description: + - parameters is an optional array of Parameters used during the + Template to Config transformation. + type: list + contains: + _from: + description: + - From is an input value for the generator. Optional. + type: str + description: + description: + - Description of a parameter. Optional. + type: str + display_name: + description: + - "Optional: The name that will show in UI instead of parameter\ + \ 'Name'" + type: str + generate: + description: + - 'generate specifies the generator to be used to generate random + string from an input value specified by From field. The result + string is stored into Value field. If empty, no generator + is being used, leaving the result Value untouched. Optional. + The only supported generator is "expression", which accepts + a "from" value in the form of a simple regular expression + containing the range expression "[a-zA-Z0-9]", and the length + expression "a{length}". 
Examples: from | value ----------------------------- + "test[0-9]{1}x" | "test7x" "[0-1]{8}" | "01001100" "0x[A-F0-9]{4}" + | "0xB3AF" "[a-zA-Z0-9]{8}" | "hW4yQU5i"' + type: str + name: + description: + - Name must be set and it can be referenced in Template Items + using ${PARAMETER_NAME}. Required. + type: str + required: + description: + - 'Optional: Indicates the parameter must have a value. Defaults + to false.' + type: bool + value: + description: + - Value holds the Parameter data. If specified, the generator + will be ignored. The value replaces all occurrences of the + Parameter ${Name} expression during the Template to Config + transformation. Optional. + type: str + status: + description: + - status describes the current state of this TemplateInstance. + type: complex + contains: + conditions: + description: + - conditions represent the latest available observations of a TemplateInstance's + current state. + type: list + contains: + last_transition_time: + description: + - LastTransitionTime is the last time a condition status transitioned + from one state to another. + type: complex + contains: {} + message: + description: + - Message is a human readable description of the details of the + last transition, complementing reason. + type: str + reason: + description: + - Reason is a brief machine readable explanation for the condition's + last transition. + type: str + status: + description: + - Status of the condition, one of True, False or Unknown. + type: str + type: + description: + - Type of the condition, currently Ready or InstantiateFailure. + type: str + objects: + description: + - Objects references the objects created by the TemplateInstance. + type: list + contains: + ref: + description: + - ref is a reference to the created object. When used under .spec, + only name and namespace are used; these can contain references + to parameters which will be substituted following the usual rules. type: complex contains: api_version: 
@@ -582,62 +991,6 @@ policy_binding_list: description: - UID of the referent. type: str - subjects: - description: - - Subjects hold object references to authorize with this rule. This - field is ignored if UserNames or GroupNames are specified to support - legacy clients and servers. Thus newer clients that do not need - to support backwards compatibility should send only fully qualified - Subjects and should omit the UserNames and GroupNames fields. - Clients that need to support backwards compatibility can use this - field to build the UserNames and GroupNames. - type: list - contains: - api_version: - description: - - API version of the referent. - type: str - field_path: - description: - - 'If referring to a piece of an object instead of an entire - object, this string should contain a valid JSON/Go field access - statement, such as desiredState.manifest.containers[2]. For - example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object.' - type: str - kind: - description: - - Kind of the referent. - type: str - name: - description: - - Name of the referent. - type: str - namespace: - description: - - Namespace of the referent. - type: str - resource_version: - description: - - Specific resourceVersion to which this reference is made, - if any. - type: str - uid: - description: - - UID of the referent. - type: str - user_names: - description: - - UserNames holds all the usernames directly bound to the role. - This field should only be specified when supporting legacy clients - and servers. See Subjects for further details. 
- type: list - contains: str kind: description: - Kind is a string value representing the REST resource this object represents. @@ -646,7 +999,7 @@ policy_binding_list: type: str metadata: description: - - Standard object's metadata. + - Standard object metadata. type: complex contains: resource_version: @@ -665,7 +1018,7 @@ policy_binding_list: def main(): try: - module = OpenShiftAnsibleModule('policy_binding_list', 'V1') + module = OpenShiftAnsibleModule('template_instance_list', 'V1') except OpenShiftAnsibleException as exc: # The helper failed to init, so there is no module object. All we can do is raise the error. raise Exception(exc.message) diff --git a/library/openshift_v1_template_list.py b/library/openshift_v1_template_list.py index 8685f2d9..a089c91b 100644 --- a/library/openshift_v1_template_list.py +++ b/library/openshift_v1_template_list.py @@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -224,6 +220,153 @@ template_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -260,6 +403,14 @@ template_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_user.py b/library/openshift_v1_user.py index 95dfdbd4..295bbefc 100644 --- a/library/openshift_v1_user.py +++ b/library/openshift_v1_user.py 
@@ -120,7 +120,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -243,6 +243,150 @@ user: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -278,6 +422,14 @@ user: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_user_identity_mapping.py b/library/openshift_v1_user_identity_mapping.py index 8b5c66bb..695afc33 100644 --- a/library/openshift_v1_user_identity_mapping.py +++ b/library/openshift_v1_user_identity_mapping.py 
@@ -189,7 +189,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -336,6 +336,150 @@ user_identity_mapping: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant at + object creation time. This field is a list of initializers that have not + yet acted on this object. If nil or empty, this object has been completely + initialized. Otherwise, the object is considered uninitialized and is + hidden (in list/watch and get calls) from clients that haven't explicitly + asked to observe uninitialized objects. When an object is created, the + system will populate this list with the current set of initializers. Only + privileged users may set or modify this list. Once it is empty, it may + not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be set + to nil and the object is considered as initialized and visible to + all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may define + its own extended details. 
This field is optional and the data + returned is not guaranteed to conform to any schema except that + defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with the + StatusReason failure. Not all StatusReasons may provide detailed + causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot and + postfix notation for nested attributes. Arrays are zero-indexed. + Fields may appear more than once in an array of causes + due to fields having multiple errors. Optional. Examples: + "name" - the field "name" on the current resource "items[0].name" + - the field "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the error. + If this value is empty there is no information available. + type: str + group: + description: + - The group attribute of the resource associated with the status + StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the status + StatusReason. On some operations may differ from the requested + resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the status + StatusReason (when there is a single name which can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation should + be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource which + can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this object + represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of this + object that can be used by clients to determine when objects + have changed. Value must be treated as opaque by clients and + passed unmodified back to the server. Populated by the system. + Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated by the + system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in the + "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does not + override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -371,6 +515,14 @@ user_identity_mapping: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until this + reference is removed. Defaults to false. To set this field, a user + needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller. diff --git a/library/openshift_v1_user_list.py b/library/openshift_v1_user_list.py index 3c090774..6f08d4ff 100644 --- a/library/openshift_v1_user_list.py +++ b/library/openshift_v1_user_list.py 
@@ -46,10 +46,6 @@ options: options are provided, the openshift client will attempt to load the default configuration file from I(~/.kube/config.json). type: path - namespace: - description: - - Namespaces provide a scope for names. Names of resources need to be unique within - a namespace, but not across namespaces. Provide the namespace for the object. password: description: - Provide a password for connecting to the API. Use in conjunction with I(username). @@ -89,7 +85,7 @@ options: - Whether or not to verify the API server's SSL certificates. type: bool requirements: -- openshift == 1.0.0-snapshot +- openshift == 0.3.1 ''' EXAMPLES = ''' 
@@ -226,6 +222,153 @@ user_list: - A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. type: int + initializers: + description: + - An initializer is a controller which enforces some system invariant + at object creation time. This field is a list of initializers that + have not yet acted on this object. If nil or empty, this object has + been completely initialized. Otherwise, the object is considered uninitialized + and is hidden (in list/watch and get calls) from clients that haven't + explicitly asked to observe uninitialized objects. When an object + is created, the system will populate this list with the current set + of initializers. Only privileged users may set or modify this list. + Once it is empty, it may not be modified further by any user. + type: complex + contains: + pending: + description: + - Pending is a list of initializers that must execute in order before + this object is visible. When the last pending initializer is removed, + and no failing result is set, the initializers struct will be + set to nil and the object is considered as initialized and visible + to all clients. + type: list + contains: + name: + description: + - name of the process that is responsible for initializing this + object. + type: str + result: + description: + - If result is set with the Failure field, the object will be persisted + to storage and then deleted, ensuring that other clients can observe + the deletion. + type: complex + contains: + api_version: + description: + - APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized values. + type: str + code: + description: + - Suggested HTTP return code for this status, 0 if not set. + type: int + details: + description: + - Extended data associated with the reason. Each reason may + define its own extended details. 
This field is optional and + the data returned is not guaranteed to conform to any schema + except that defined by the reason type. + type: complex + contains: + causes: + description: + - The Causes array includes more details associated with + the StatusReason failure. Not all StatusReasons may provide + detailed causes. + type: list + contains: + field: + description: + - 'The field of the resource that has caused this error, + as named by its JSON serialization. May include dot + and postfix notation for nested attributes. Arrays + are zero-indexed. Fields may appear more than once + in an array of causes due to fields having multiple + errors. Optional. Examples: "name" - the field "name" + on the current resource "items[0].name" - the field + "name" on the first array entry in "items"' + type: str + message: + description: + - A human-readable description of the cause of the error. + This field may be presented as-is to a reader. + type: str + reason: + description: + - A machine-readable description of the cause of the + error. If this value is empty there is no information + available. + type: str + group: + description: + - The group attribute of the resource associated with the + status StatusReason. + type: str + kind: + description: + - The kind attribute of the resource associated with the + status StatusReason. On some operations may differ from + the requested resource Kind. + type: str + name: + description: + - The name attribute of the resource associated with the + status StatusReason (when there is a single name which + can be described). + type: str + retry_after_seconds: + description: + - If specified, the time in seconds before the operation + should be retried. + type: int + uid: + description: + - UID of the resource. (when there is a single resource + which can be described). + type: str + kind: + description: + - Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + type: str + message: + description: + - A human-readable description of the status of this operation. + type: str + metadata: + description: + - Standard list metadata. + type: complex + contains: + resource_version: + description: + - String that identifies the server's internal version of + this object that can be used by clients to determine when + objects have changed. Value must be treated as opaque + by clients and passed unmodified back to the server. Populated + by the system. Read-only. + type: str + self_link: + description: + - SelfLink is a URL representing this object. Populated + by the system. Read-only. + type: str + reason: + description: + - A machine-readable description of why this operation is in + the "Failure" status. If this value is empty there is no information + available. A Reason clarifies an HTTP status code but does + not override it. + type: str + status: + description: + - 'Status of the operation. One of: "Success" or "Failure".' + type: str labels: description: - Map of string keys and values that can be used to organize and categorize @@ -262,6 +405,14 @@ user_list: description: - API version of the referent. type: str + block_owner_deletion: + description: + - If true, AND if the owner has the "foregroundDeletion" finalizer, + then the owner cannot be deleted from the key-value store until + this reference is removed. Defaults to false. To set this field, + a user needs "delete" permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: bool controller: description: - If true, this reference points to the managing controller.
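Review bot: in the options hunk at -46,10, the `namespace` option is deleted outright from the documented options, with no deprecation notice or explanation in the surrounding text. If the module's argument spec drops it as well, playbooks that still pass `namespace` will stop working. Either keep the entry for one release marked as deprecated, or add a changelog line saying the option is gone and why.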
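Review bot: in the requirements hunk at -89,7, `openshift == 1.0.0-snapshot` becomes `openshift == 0.3.1`, which reads as a lower version than the one it replaces and is still an exact pin. Please state in the commit message that 0.3.1 is the intended client (a renumbering rather than a downgrade). Also consider a version range instead of `==`, because an exact pin in the docs steers users away from later client releases and their fixes. This line lives in the documentation string, so it enforces nothing by itself; if the module checks the client version at runtime, that check should name the same version.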
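Review bot: in the added `initializers` block at -226,6, the `result` description says "If result is set with the Failure field", but none of the documented sub-fields is named Failure; the value only appears under `status` ('One of: "Success" or "Failure"'). Reword it along the lines of 'If result is set with status "Failure"' so a reader knows which returned key to test before treating an object as rejected. In the same hunk, the `field` description under `causes` runs its two examples together ('"name" - the field "name" on the current resource "items[0].name" - the field ...'); put each example in its own sentence.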
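Review bot: the added `block_owner_deletion` description at -262,6 documents a missing "delete" permission on the owner as a 422 (Unprocessable Entity) response, which is not the status a caller would normally associate with an authorization failure. Because this entry is part of the returned `user_list` documentation, add a sentence making clear that the 422 comes from the API server when the field is set, so that someone troubleshooting a rejected update checks their permissions on the owner rather than the payload. Minor wording: "AND" in capitals and "permission of the owner" would read better as "and" and "permission on the owner".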