|
3806 | 3806 | "format": "int32", |
3807 | 3807 | "type": "integer" |
3808 | 3808 | }, |
| 3809 | + "podFailurePolicy": { |
| 3810 | + "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicy", |
| 3811 | + "description": "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is alpha-level. To use this field, you must enable the `JobPodFailurePolicy` feature gate (disabled by default)." |
| 3812 | + }, |
3809 | 3813 | "selector": { |
3810 | 3814 | "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", |
3811 | 3815 | "description": "A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors" |
|
3895 | 3899 | }, |
3896 | 3900 | "type": "object" |
3897 | 3901 | }, |
| 3902 | + "io.k8s.api.batch.v1.PodFailurePolicy": { |
| 3903 | + "description": "PodFailurePolicy describes how failed pods influence the backoffLimit.", |
| 3904 | + "properties": { |
| 3905 | + "rules": { |
| 3906 | + "description": "A list of pod failure policy rules. The rules are evaluated in order. Once a rule matches a Pod failure, the remaining of the rules are ignored. When no rule matches the Pod failure, the default handling applies - the counter of pod failures is incremented and it is checked against the backoffLimit. At most 20 elements are allowed.", |
| 3907 | + "items": { |
| 3908 | + "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicyRule" |
| 3909 | + }, |
| 3910 | + "type": "array", |
| 3911 | + "x-kubernetes-list-type": "atomic" |
| 3912 | + } |
| 3913 | + }, |
| 3914 | + "required": [ |
| 3915 | + "rules" |
| 3916 | + ], |
| 3917 | + "type": "object" |
| 3918 | + }, |
| 3919 | + "io.k8s.api.batch.v1.PodFailurePolicyOnExitCodesRequirement": { |
| 3920 | + "description": "PodFailurePolicyOnExitCodesRequirement describes the requirement for handling a failed pod based on its container exit codes. In particular, it lookups the .state.terminated.exitCode for each app container and init container status, represented by the .status.containerStatuses and .status.initContainerStatuses fields in the Pod status, respectively. Containers completed with success (exit code 0) are excluded from the requirement check.", |
| 3921 | + "properties": { |
| 3922 | + "containerName": { |
| 3923 | + "description": "Restricts the check for exit codes to the container with the specified name. When null, the rule applies to all containers. When specified, it should match one the container or initContainer names in the pod template.", |
| 3924 | + "type": "string" |
| 3925 | + }, |
| 3926 | + "operator": { |
| 3927 | + "description": "Represents the relationship between the container exit code(s) and the specified values. Containers completed with success (exit code 0) are excluded from the requirement check. Possible values are: - In: the requirement is satisfied if at least one container exit code\n (might be multiple if there are multiple containers not restricted\n by the 'containerName' field) is in the set of specified values.\n- NotIn: the requirement is satisfied if at least one container exit code\n (might be multiple if there are multiple containers not restricted\n by the 'containerName' field) is not in the set of specified values.\nAdditional values are considered to be added in the future. Clients should react to an unknown operator by assuming the requirement is not satisfied.\n\n", |
| 3928 | + "type": "string" |
| 3929 | + }, |
| 3930 | + "values": { |
| 3931 | + "description": "Specifies the set of values. Each returned container exit code (might be multiple in case of multiple containers) is checked against this set of values with respect to the operator. The list of values must be ordered and must not contain duplicates. Value '0' cannot be used for the In operator. At least one element is required. At most 255 elements are allowed.", |
| 3932 | + "items": { |
| 3933 | + "format": "int32", |
| 3934 | + "type": "integer" |
| 3935 | + }, |
| 3936 | + "type": "array", |
| 3937 | + "x-kubernetes-list-type": "set" |
| 3938 | + } |
| 3939 | + }, |
| 3940 | + "required": [ |
| 3941 | + "operator", |
| 3942 | + "values" |
| 3943 | + ], |
| 3944 | + "type": "object" |
| 3945 | + }, |
| 3946 | + "io.k8s.api.batch.v1.PodFailurePolicyOnPodConditionsPattern": { |
| 3947 | + "description": "PodFailurePolicyOnPodConditionsPattern describes a pattern for matching an actual pod condition type.", |
| 3948 | + "properties": { |
| 3949 | + "status": { |
| 3950 | + "description": "Specifies the required Pod condition status. To match a pod condition it is required that the specified status equals the pod condition status. Defaults to True.", |
| 3951 | + "type": "string" |
| 3952 | + }, |
| 3953 | + "type": { |
| 3954 | + "description": "Specifies the required Pod condition type. To match a pod condition it is required that specified type equals the pod condition type.", |
| 3955 | + "type": "string" |
| 3956 | + } |
| 3957 | + }, |
| 3958 | + "required": [ |
| 3959 | + "type", |
| 3960 | + "status" |
| 3961 | + ], |
| 3962 | + "type": "object" |
| 3963 | + }, |
| 3964 | + "io.k8s.api.batch.v1.PodFailurePolicyRule": { |
| 3965 | + "description": "PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of OnExitCodes and onPodConditions, but not both, can be used in each rule.", |
| 3966 | + "properties": { |
| 3967 | + "action": { |
| 3968 | + "description": "Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are: - FailJob: indicates that the pod's job is marked as Failed and all\n running pods are terminated.\n- Ignore: indicates that the counter towards the .backoffLimit is not\n incremented and a replacement pod is created.\n- Count: indicates that the pod is handled in the default way - the\n counter towards the .backoffLimit is incremented.\nAdditional values are considered to be added in the future. Clients should react to an unknown action by skipping the rule.\n\n", |
| 3969 | + "type": "string" |
| 3970 | + }, |
| 3971 | + "onExitCodes": { |
| 3972 | + "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicyOnExitCodesRequirement", |
| 3973 | + "description": "Represents the requirement on the container exit codes." |
| 3974 | + }, |
| 3975 | + "onPodConditions": { |
| 3976 | + "description": "Represents the requirement on the pod conditions. The requirement is represented as a list of pod condition patterns. The requirement is satisfied if at least one pattern matches an actual pod condition. At most 20 elements are allowed.", |
| 3977 | + "items": { |
| 3978 | + "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicyOnPodConditionsPattern" |
| 3979 | + }, |
| 3980 | + "type": "array", |
| 3981 | + "x-kubernetes-list-type": "atomic" |
| 3982 | + } |
| 3983 | + }, |
| 3984 | + "required": [ |
| 3985 | + "action", |
| 3986 | + "onPodConditions" |
| 3987 | + ], |
| 3988 | + "type": "object" |
| 3989 | + }, |
3898 | 3990 | "io.k8s.api.batch.v1.UncountedTerminatedPods": { |
3899 | 3991 | "description": "UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't been accounted in Job status counters.", |
3900 | 3992 | "properties": { |
|
7492 | 7584 | }, |
7493 | 7585 | "claimRef": { |
7494 | 7586 | "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference", |
7495 | | - "description": "claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding" |
| 7587 | + "description": "claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding", |
| 7588 | + "x-kubernetes-map-type": "granular" |
7496 | 7589 | }, |
7497 | 7590 | "csi": { |
7498 | 7591 | "$ref": "#/definitions/io.k8s.api.core.v1.CSIPersistentVolumeSource", |
|
7998 | 8091 | "description": "Use the host's pid namespace. Optional: Default to false.", |
7999 | 8092 | "type": "boolean" |
8000 | 8093 | }, |
| 8094 | + "hostUsers": { |
| 8095 | + "description": "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.", |
| 8096 | + "type": "boolean" |
| 8097 | + }, |
8001 | 8098 | "hostname": { |
8002 | 8099 | "description": "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.", |
8003 | 8100 | "type": "string" |
|
8034 | 8131 | }, |
8035 | 8132 | "os": { |
8036 | 8133 | "$ref": "#/definitions/io.k8s.api.core.v1.PodOS", |
8037 | | - "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup" |
| 8134 | + "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup" |
8038 | 8135 | }, |
8039 | 8136 | "overhead": { |
8040 | 8137 | "additionalProperties": { |
|
13142 | 13239 | "description": "RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.\n\nNote: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.", |
13143 | 13240 | "type": "boolean" |
13144 | 13241 | }, |
| 13242 | + "seLinuxMount": { |
| 13243 | + "description": "SELinuxMount specifies if the CSI driver supports \"-o context\" mount option.\n\nWhen \"true\", the CSI driver must ensure that all volumes provided by this CSI driver can be mounted separately with different `-o context` options. This is typical for storage backends that provide volumes as filesystems on block devices or as independent shared volumes. Kubernetes will call NodeStage / NodePublish with \"-o context=xyz\" mount option when mounting a ReadWriteOncePod volume used in Pod that has explicitly set SELinux context. In the future, it may be expanded to other volume AccessModes. In any case, Kubernetes will ensure that the volume is mounted only with a single SELinux context.\n\nWhen \"false\", Kubernetes won't pass any special SELinux mount options to the driver. This is typical for volumes that represent subdirectories of a bigger shared filesystem.\n\nDefault is \"false\".", |
| 13244 | + "type": "boolean" |
| 13245 | + }, |
13145 | 13246 | "storageCapacity": { |
13146 | 13247 | "description": "If set to true, storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage capacity that the driver deployment will report by creating CSIStorageCapacity objects with capacity information.\n\nThe check can be enabled immediately when deploying a driver. In that case, provisioning new volumes with late binding will pause until the driver deployment has published some suitable CSIStorageCapacity object.\n\nAlternatively, the driver can be deployed with the field unset or false and it can be flipped later when storage capacity information has been published.\n\nThis field was immutable in Kubernetes <= 1.22 and now is mutable.", |
13147 | 13248 | "type": "boolean" |
|
0 commit comments