From 241471f19d538975197c9f0bc3823f860de35411 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 21 Feb 2022 13:55:58 -0300 Subject: [PATCH] Release v0.11.0 --- charts/cloud-native-postgresql/Chart.yaml | 7 +- .../templates/crds/crds.yaml | 651 +++++++++++++----- 2 files changed, 479 insertions(+), 179 deletions(-) diff --git a/charts/cloud-native-postgresql/Chart.yaml b/charts/cloud-native-postgresql/Chart.yaml index e987dd6..cbf0a1e 100644 --- a/charts/cloud-native-postgresql/Chart.yaml +++ b/charts/cloud-native-postgresql/Chart.yaml @@ -16,16 +16,13 @@ apiVersion: v2 name: cloud-native-postgresql description: Cloud Native Postgresql Helm Chart icon: https://www.enterprisedb.com/themes/custom/edb_bootstrap_sass/edb-logo-disc-dark-2.svg - type: application -version: "0.10.0" - +version: "0.11.0" # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning, they should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.12.0" - +appVersion: "1.13.0" sources: - https://github.com/EnterpriseDB/cloud-native-postgresql-helm keywords: diff --git a/charts/cloud-native-postgresql/templates/crds/crds.yaml b/charts/cloud-native-postgresql/templates/crds/crds.yaml index 7bbfadd..6b7e779 100644 --- a/charts/cloud-native-postgresql/templates/crds/crds.yaml +++ b/charts/cloud-native-postgresql/templates/crds/crds.yaml @@ -1068,11 +1068,12 @@ spec: compression: description: Compress a backup file (a tar file per tablespace) while streaming it to the object store. Available options - are empty string (no compression, default), `gzip` or - `bzip2`. + are empty string (no compression, default), `gzip`, + `bzip2` or `snappy`. enum: - gzip - bzip2 + - snappy type: string encryption: description: Whenever to force the encryption of files @@ -1123,6 +1124,12 @@ spec: description: Endpoint to be used to upload data to the cloud, overriding the automatic endpoint discovery type: string + historyTags: + additionalProperties: + type: string + description: HistoryTags is a list of key value pairs that + will be passed to the Barman --history-tags option. + type: object s3Credentials: description: The credentials to use to upload data to S3 properties: @@ -1160,6 +1167,12 @@ spec: description: The server name on S3, the cluster name is used if this parameter is omitted type: string + tags: + additionalProperties: + type: string + description: Tags is a list of key value pairs that will be + passed to the Barman --tags option. + type: object wal: description: The configuration for the backup of the WAL stream. When not defined, WAL files will be stored uncompressed @@ -1169,10 +1182,11 @@ spec: compression: description: Compress a WAL file before sending it to the object store. Available options are empty string - (no compression, default), `gzip` or `bzip2`. + (no compression, default), `gzip`, `bzip2` or `snappy`. enum: - gzip - bzip2 + - snappy type: string encryption: description: Whenever to force the encryption of files @@ -1269,6 +1283,7 @@ spec: redwood: description: If we need to enable/disable Redwood compatibility. Requires EPAS and for EPAS defaults to true + nullable: true type: boolean secret: description: Name of the secret containing the initial credentials @@ -1507,10 +1522,11 @@ spec: description: Compress a backup file (a tar file per tablespace) while streaming it to the object store. Available options are empty string (no compression, - default), `gzip` or `bzip2`. + default), `gzip`, `bzip2` or `snappy`. enum: - gzip - bzip2 + - snappy type: string encryption: description: Whenever to force the encryption of files @@ -1561,6 +1577,12 @@ spec: description: Endpoint to be used to upload data to the cloud, overriding the automatic endpoint discovery type: string + historyTags: + additionalProperties: + type: string + description: HistoryTags is a list of key value pairs that + will be passed to the Barman --history-tags option. + type: object s3Credentials: description: The credentials to use to upload data to S3 properties: @@ -1598,6 +1620,12 @@ spec: description: The server name on S3, the cluster name is used if this parameter is omitted type: string + tags: + additionalProperties: + type: string + description: Tags is a list of key value pairs that will + be passed to the Barman --tags option. + type: object wal: description: The configuration for the backup of the WAL stream. When not defined, WAL files will be stored uncompressed @@ -1607,10 +1635,11 @@ spec: compression: description: Compress a WAL file before sending it to the object store. Available options are empty string - (no compression, default), `gzip` or `bzip2`. + (no compression, default), `gzip`, `bzip2` or `snappy`. enum: - gzip - bzip2 + - snappy type: string encryption: description: Whenever to force the encryption of files @@ -1775,6 +1804,7 @@ spec: operates in trial mode and after the expiry date (default 30 days) the operator will cease any reconciliation attempt. For details, please refer to the license agreement that comes with the operator. + nullable: true type: string licenseKeySecret: description: The reference to the license key. When this is set it @@ -1880,7 +1910,7 @@ spec: reusePVC: default: true description: Reuse the existing PVC (wait for the node to come - up again) or not (recreate it elsewhere) + up again) or not (recreate it elsewhere - when `instances` >1) type: boolean required: - inProgress @@ -2077,7 +2107,11 @@ spec: type: object resources: description: 'Resources represents the minimum resources the - volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + volume should have. If RecoverVolumeExpansionFailure feature + is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher + than capacity recorded in the status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -2265,6 +2299,32 @@ spec: cloudNativePostgresqlOperatorHash: description: The hash of the binary of the operator type: string + conditions: + description: Conditions for cluster object + items: + description: ClusterCondition describes the state of a cluster object + at a certain point + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of the condition. + type: string + type: object + type: array configMapResourceVersion: description: The list of resource versions of the configmaps, managed by the operator. Every change here is done in the interest of the @@ -3751,9 +3811,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -3818,10 +3876,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -3846,20 +3905,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -3924,10 +3980,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -3953,8 +4010,7 @@ spec: be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -3976,6 +4032,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4041,9 +4117,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -4147,8 +4222,7 @@ spec: the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -4170,6 +4244,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4235,9 +4329,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -4321,12 +4414,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -4346,7 +4441,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -4354,11 +4451,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -4366,6 +4465,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: @@ -4385,7 +4486,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -4395,6 +4497,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that @@ -4417,7 +4521,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -4445,6 +4550,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -4493,8 +4600,7 @@ spec: operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -4516,6 +4622,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4581,9 +4707,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -4807,21 +4932,21 @@ spec: be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - This field is alpha-level and is only honored by servers - that enable the EphemeralContainers feature. + This field is beta-level and available on clusters that + haven't disabled the EphemeralContainers feature gate. items: - description: An EphemeralContainer is a container that may - be added temporarily to an existing pod for user-initiated + description: "An EphemeralContainer is a temporary container + that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not - be restarted when they exit or when a pod is removed or - restarted. If an ephemeral container causes a pod to exceed - its resource allocation, the pod may be evicted. Ephemeral - containers may not be added by directly updating the pod - spec. They must be added via the pod's ephemeralcontainers - subresource, and they will appear in the pod spec once - added. This is an alpha feature enabled by the EphemeralContainers - feature flag. + be restarted when they exit or when a Pod is removed or + restarted. The kubelet may evict a Pod if an ephemeral + container causes the Pod to exceed its resource allocation. + \n To add an ephemeral container, use the ephemeralcontainers + subresource of an existing Pod. Ephemeral containers may + not be removed or restarted. \n This is a beta feature + available on clusters that haven't disabled the EphemeralContainers + feature gate." properties: args: description: 'Arguments to the entrypoint. The docker @@ -5041,9 +5166,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -5108,10 +5231,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -5136,20 +5260,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -5214,10 +5335,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -5241,8 +5363,7 @@ spec: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -5264,6 +5385,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -5329,9 +5470,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -5418,12 +5558,15 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -5445,6 +5588,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -5510,9 +5673,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -5597,12 +5759,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -5622,7 +5786,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -5630,11 +5796,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -5642,6 +5810,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: @@ -5661,7 +5831,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -5671,6 +5842,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that @@ -5693,7 +5866,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -5721,6 +5895,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -5761,8 +5937,7 @@ spec: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -5784,6 +5959,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -5849,9 +6044,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -5914,13 +6108,15 @@ spec: will never receive an EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container from + description: "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then - the ephemeral container is run in whatever namespaces - are shared for the pod. Note that the container runtime - must support this feature. + the ephemeral container uses the namespaces configured + in the Pod spec. \n The container runtime must implement + support for this feature. If the runtime does not + support namespace targeting then the result of setting + this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file to which @@ -5972,7 +6168,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for ephemeral + containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -6320,9 +6517,7 @@ spec: info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -6387,10 +6582,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -6415,20 +6611,17 @@ spec: or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes - or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period - countdown begins before the PreStop hooked is - executed. Regardless of the outcome of the handler, - the container will eventually terminate within - the Pod''s termination grace period. Other management - of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the action - to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line @@ -6493,10 +6686,11 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle - hook' + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect @@ -6522,8 +6716,7 @@ spec: be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -6545,6 +6738,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -6610,9 +6823,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -6716,8 +6928,7 @@ spec: the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -6739,6 +6950,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -6804,9 +7035,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -6890,12 +7120,14 @@ spec: if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities - granted by the container runtime. + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -6915,7 +7147,9 @@ spec: privileged: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent - to root on the host. Defaults to false. + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. type: boolean procMount: description: procMount denotes the type of proc @@ -6923,11 +7157,13 @@ spec: DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to - be enabled. + be enabled. Note that this field cannot be set + when spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only - root filesystem. Default is false. + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint of the @@ -6935,6 +7171,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: @@ -6954,7 +7192,8 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in - SecurityContext takes precedence. + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -6964,6 +7203,8 @@ spec: container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label that @@ -6986,7 +7227,8 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -7014,6 +7256,8 @@ spec: from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -7062,8 +7306,7 @@ spec: operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: Exec specifies the action to take. properties: command: description: Command is the command line to @@ -7085,6 +7328,26 @@ spec: Defaults to 3. Minimum value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is an alpha field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -7150,9 +7413,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook' + description: TCPSocket specifies an action involving + a TCP port. properties: host: description: 'Optional: Host name to connect @@ -7332,6 +7594,35 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is + set. \n If the OS field is set to linux, the following fields + must be unset: -securityContext.windowsOptions \n If the + OS field is set to windows, following fields must be unset: + - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This is + an alpha field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating system. + The currently supported values are linux and windows. + Additional value may be defined in future and can be + one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and + treat unrecognized values in this field as os: null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: @@ -7428,7 +7719,8 @@ spec: in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any - volume." + volume. Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: @@ -7439,14 +7731,16 @@ spec: permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, - "Always" is used.' + "Always" is used. Note that this field cannot be set + when spec.os.name is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -7465,7 +7759,8 @@ spec: if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -7474,7 +7769,8 @@ spec: allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies @@ -7495,7 +7791,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set when + spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -7520,7 +7817,8 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added - to any container. + to any container. Note that this field cannot be set + when spec.os.name is windows. items: format: int64 type: integer @@ -7528,7 +7826,8 @@ spec: sysctls: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by - the container runtime) might fail to launch. + the container runtime) might fail to launch. Note that + this field cannot be set when spec.os.name is windows. items: description: Sysctl defines a kernel parameter to be set @@ -7549,7 +7848,8 @@ spec: all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. + specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the GMSA @@ -7766,7 +8066,7 @@ spec: higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible - node assigment for that pod would violate "MaxSkew" + node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P @@ -8218,9 +8518,7 @@ spec: to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes - at the same time. \n This is a beta feature and only - available when the GenericEphemeralVolume feature - gate is enabled." + at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone @@ -8352,8 +8650,13 @@ spec: type: object resources: description: 'Resources represents the minimum - resources the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to + specify resource requirements that are + lower than previous value but must still + be higher than capacity recorded in the + status field of the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: