// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
optionalstringvolumeID=1;
// fsType is the filesystem type of the volume that you want to mount.
// Tip: Ensure that the filesystem type is supported by the host operating system.
// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
// TODO: how do we prevent errors in the filesystem from compromising the machine
// +optional
optionalstringfsType=2;
// partition is the partition in the volume that you want to mount.
// If omitted, the default is to mount by volume name.
// Examples: For volume /dev/sda1, you specify the partition as "1".
// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
// +optional
optionalint32partition=3;
// readOnly value true will force the readOnly setting in VolumeMounts.
// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
// +optional
optionalboolreadOnly=4;
}
// Affinity is a group of affinity scheduling rules.
messageAffinity{
// Describes node affinity scheduling rules for the pod.
// +optional
optionalNodeAffinitynodeAffinity=1;
// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
// +optional
optionalPodAffinitypodAffinity=2;
// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
// +optional
optionalPodAntiAffinitypodAntiAffinity=3;
}
// AttachedVolume describes a volume attached to a node
messageAttachedVolume{
// Name of the attached volume
optionalstringname=1;
// DevicePath represents the device path where the volume should be available
optionalstringdevicePath=2;
}
// AvoidPods describes pods that should avoid this node. This is the value for a
// Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and
// will eventually become a field of NodeStatus.
messageAvoidPods{
// Bounded-sized list of signatures of pods that should avoid this node, sorted
// in timestamp order from oldest to newest. Size of the slice is unspecified.
// +optional
repeatedPreferAvoidPodsEntrypreferAvoidPods=1;
}
// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
messageAzureDiskVolumeSource{
// diskName is the Name of the data disk in the blob storage
optionalstringdiskName=1;
// diskURI is the URI of data disk in the blob storage
optionalstringdiskURI=2;
// cachingMode is the Host Caching mode: None, Read Only, Read Write.
// +optional
optionalstringcachingMode=3;
// fsType is Filesystem type to mount.
// Must be a filesystem type supported by the host operating system.
// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
// +optional
optionalstringfsType=4;
// readOnly Defaults to false (read/write). ReadOnly here will force
// the ReadOnly setting in VolumeMounts.
// +optional
optionalboolreadOnly=5;
// kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
optionalstringkind=6;
}
// AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
messageAzureFilePersistentVolumeSource{
// secretName is the name of secret that contains Azure Storage Account Name and Key
optionalstringsecretName=1;
// shareName is the azure Share Name
optionalstringshareName=2;
// readOnly defaults to false (read/write). ReadOnly here will force
// the ReadOnly setting in VolumeMounts.
// +optional
optionalboolreadOnly=3;
// secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key
// default is the same as the Pod
// +optional
optionalstringsecretNamespace=4;
}
// AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
messageAzureFileVolumeSource{
// secretName is the name of secret that contains Azure Storage Account Name and Key
optionalstringsecretName=1;
// shareName is the azure share Name
optionalstringshareName=2;
// readOnly defaults to false (read/write). ReadOnly here will force
// the ReadOnly setting in VolumeMounts.
// +optional
optionalboolreadOnly=3;
}
// Binding ties one object to another; for example, a pod is bound to a node by a scheduler.
// Deprecated in 1.7, please use the bindings subresource of pods instead.
messageBinding{
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
optionalObjectMetametadata=1;
// The target object that you want to bind to the standard object.
optionalObjectReferencetarget=2;
}
// Represents storage that is managed by an external CSI volume driver (Beta feature)
messageCSIPersistentVolumeSource{
// driver is the name of the driver to use for this volume.
// Required.
optionalstringdriver=1;
// volumeHandle is the unique volume name returned by the CSI volume
// plugin’s CreateVolume to refer to the volume on all subsequent calls.
// Required.
optionalstringvolumeHandle=2;
// readOnly value to pass to ControllerPublishVolumeRequest.
// Defaults to false (read/write).
// +optional
optionalboolreadOnly=3;
// fsType to mount. Must be a filesystem type supported by the host operating system.
// Ex. "ext4", "xfs", "ntfs".
// +optional
optionalstringfsType=4;
// volumeAttributes of the volume to publish.
// +optional
map<string,string>volumeAttributes=5;
// controllerPublishSecretRef is a reference to the secret object containing
// sensitive information to pass to the CSI driver to complete the CSI
// ControllerPublishVolume and ControllerUnpublishVolume calls.
// This field is optional, and may be empty if no secret is required. If the
// secret object contains more than one secret, all secrets are passed.
// items if unspecified, each key-value pair in the Data field of the referenced
// ConfigMap will be projected into the volume as a file whose name is the
// key and content is the value. If specified, the listed keys will be
// projected into the specified paths, and unlisted keys will not be
// present. If a key is specified which is not present in the ConfigMap,
// the volume setup will error unless it is marked optional. Paths must be
// relative and may not contain the '..' path or start with '..'.
// +optional
repeatedKeyToPathitems=2;
// defaultMode is optional: mode bits used to set permissions on created files by default.
// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
// Defaults to 0644.
// Directories within the path are not affected by this setting.
// This might be in conflict with other options that affect the file
// mode, like fsGroup, and the result can be other mode bits set.
// +optional
optionalint32defaultMode=3;
// optional specify whether the ConfigMap or its keys must be defined
// +optional
optionalbooloptional=4;
}
// A single application container that you want to run within a pod.
messageContainer{
// Name of the container specified as a DNS_LABEL.
// Each container in a pod must have a unique name (DNS_LABEL).
// Cannot be updated.
optionalstringname=1;
// Container image name.
// More info: https://kubernetes.io/docs/concepts/containers/images
// This field is optional to allow higher level config management to default or override
// container images in workload controllers like Deployments and StatefulSets.
// +optional
optionalstringimage=2;
// Entrypoint array. Not executed within a shell.
// The container image's ENTRYPOINT is used if this is not provided.
// Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
// cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
// produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
// of whether the variable exists or not. Cannot be updated.
// More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
// +optional
repeatedstringcommand=3;
// Arguments to the entrypoint.
// The container image's CMD is used if this is not provided.
// Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
// cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
// produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
// of whether the variable exists or not. Cannot be updated.
// More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
// +optional
repeatedstringargs=4;
// Container's working directory.
// If not specified, the container runtime's default will be used, which
// might be configured in the container image.
// Cannot be updated.
// +optional
optionalstringworkingDir=5;
// List of ports to expose from the container. Not specifying a port here
// DOES NOT prevent that port from being exposed. Any port which is
// listening on the default "0.0.0.0" address inside a container will be
// accessible from the network.
// Modifying this array with strategic merge patch may corrupt the data.
// For more information See https://github.com/kubernetes/kubernetes/issues/108255.
// Cannot be updated.
// +optional
// +patchMergeKey=containerPort
// +patchStrategy=merge
// +listType=map
// +listMapKey=containerPort
// +listMapKey=protocol
repeatedContainerPortports=6;
// List of sources to populate environment variables in the container.
// The keys defined within a source must be a C_IDENTIFIER. All invalid keys
// will be reported as an event when the container is starting. When a key exists in multiple
// sources, the value associated with the last source will take precedence.
// Values defined by an Env with a duplicate key will take precedence.
// Cannot be updated.
// +optional
repeatedEnvFromSourceenvFrom=19;
// List of environment variables to set in the container.
// Cannot be updated.
// +optional
// +patchMergeKey=name
// +patchStrategy=merge
repeatedEnvVarenv=7;
// Compute Resources required by this container.
// Cannot be updated.
// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
// +optional
optionalResourceRequirementsresources=8;
// Resources resize policy for the container.
// +featureGate=InPlacePodVerticalScaling
// +optional
// +listType=atomic
repeatedContainerResizePolicyresizePolicy=23;
// RestartPolicy defines the restart behavior of individual containers in a pod.
// This field may only be set for init containers, and the only allowed value is "Always".
// For non-init containers or when this field is not specified,
// the restart behavior is defined by the Pod's restart policy and the container type.
// Setting the RestartPolicy as "Always" for the init container will have the following effect:
// this init container will be continually restarted on
// exit until all regular containers have terminated. Once all regular
// containers have completed, all init containers with restartPolicy "Always"
// will be shut down. This lifecycle differs from normal init containers and
// is often referred to as a "sidecar" container. Although this init
// container still starts in the init container sequence, it does not wait
// for the container to complete before proceeding to the next init
// container. Instead, the next init container starts immediately after this
// init container is started, or after any startupProbe has successfully
// completed.
// +featureGate=SidecarContainers
// +optional
optionalstringrestartPolicy=24;
// Pod volumes to mount into the container's filesystem.
// Cannot be updated.
// +optional
// +patchMergeKey=mountPath
// +patchStrategy=merge
repeatedVolumeMountvolumeMounts=9;
// volumeDevices is the list of block devices to be used by the container.
// +patchMergeKey=devicePath
// +patchStrategy=merge
// +optional
repeatedVolumeDevicevolumeDevices=21;
// Periodic probe of container liveness.
// Container will be restarted if the probe fails.
// Cannot be updated.
// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
// +optional
optionalProbelivenessProbe=10;
// Periodic probe of container service readiness.
// Container will be removed from service endpoints if the probe fails.
// Cannot be updated.
// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
// +optional
optionalProbereadinessProbe=11;
// StartupProbe indicates that the Pod has successfully initialized.
// If specified, no other probes are executed until this completes successfully.
// If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
// This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
// when it might take a long time to load data or warm a cache, than during steady-state operation.
// This cannot be updated.
// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
// +optional
optionalProbestartupProbe=22;
// Actions that the management system should take in response to container lifecycle events.
// Cannot be updated.
// +optional
optionalLifecyclelifecycle=12;
// Optional: Path at which the file to which the container's termination message
// will be written is mounted into the container's filesystem.
// Message written is intended to be brief final status, such as an assertion failure message.
// Will be truncated by the node if greater than 4096 bytes. The total message length across
// all containers will be limited to 12kb.
// Defaults to /dev/termination-log.
// Cannot be updated.
// +optional
optionalstringterminationMessagePath=13;
// Indicate how the termination message should be populated. File will use the contents of
// terminationMessagePath to populate the container status message on both success and failure.
// FallbackToLogsOnError will use the last chunk of container log output if the termination
// message file is empty and the container exited with an error.
// The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
// Defaults to File.
// Cannot be updated.
// +optional
optionalstringterminationMessagePolicy=20;
// Image pull policy.
// One of Always, Never, IfNotPresent.
// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
// Cannot be updated.
// More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
// +optional
optionalstringimagePullPolicy=14;
// SecurityContext defines the security options the container should be run with.
// If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
// +optional
optionalSecurityContextsecurityContext=15;
// Whether this container should allocate a buffer for stdin in the container runtime. If this
// is not set, reads from stdin in the container will always result in EOF.
// Default is false.
// +optional
optionalboolstdin=16;
// Whether the container runtime should close the stdin channel after it has been opened by
// a single attach. When stdin is true the stdin stream will remain open across multiple attach
// sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
// first client attaches to stdin, and then remains open and accepts data until the client disconnects,
// at which time stdin is closed and remains closed until the container is restarted. If this
// flag is false, a container processes that reads from stdin will never receive an EOF.
// Default is false
// +optional
optionalboolstdinOnce=17;
// Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
// Default is false.
// +optional
optionalbooltty=18;
}
// Describe a container image
messageContainerImage{
// Names by which this image is known.
// e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"]
// +optional
repeatedstringnames=1;
// The size of the image in bytes.
// +optional
optionalint64sizeBytes=2;
}
// ContainerPort represents a network port in a single container.
messageContainerPort{
// If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
// named port in a pod must have a unique name. Name for the port that can be
// referred to by services.
// +optional
optionalstringname=1;
// Number of port to expose on the host.
// If specified, this must be a valid port number, 0 < x < 65536.
// If HostNetwork is specified, this must match ContainerPort.
// Most containers do not need this.
// +optional
optionalint32hostPort=2;
// Number of port to expose on the pod's IP address.
// This must be a valid port number, 0 < x < 65536.
optionalint32containerPort=3;
// Protocol for port. Must be UDP, TCP, or SCTP.
// Defaults to "TCP".
// +optional
// +default="TCP"
optionalstringprotocol=4;
// What host IP to bind the external port to.
// +optional
optionalstringhostIP=5;
}
// ContainerResizePolicy represents resource resize policy for the container.
messageContainerResizePolicy{
// Name of the resource to which this resource resize policy applies.
// Supported values: cpu, memory.
optionalstringresourceName=1;
// Restart policy to apply when specified resource is resized.
// If not specified, it defaults to NotRequired.
optionalstringrestartPolicy=2;
}
// ContainerState holds a possible state of container.
// Only one of its members may be specified.
// If none of them is specified, the default one is ContainerStateWaiting.
messageContainerState{
// Details about a waiting container
// +optional
optionalContainerStateWaitingwaiting=1;
// Details about a running container
// +optional
optionalContainerStateRunningrunning=2;
// Details about a terminated container
// +optional
optionalContainerStateTerminatedterminated=3;
}
// ContainerStateRunning is a running state of a container.
messageContainerStateRunning{
// Time at which the container was last (re-)started
// +optional
optionalTimestartedAt=1;
}
// ContainerStateTerminated is a terminated state of a container.
messageContainerStateTerminated{
// Exit status from the last termination of the container
optionalint32exitCode=1;
// Signal from the last termination of the container
// +optional
optionalint32signal=2;
// (brief) reason from the last termination of the container
// +optional
optionalstringreason=3;
// Message regarding the last termination of the container
// +optional
optionalstringmessage=4;
// Time at which previous execution of the container started
// +optional
optionalTimestartedAt=5;
// Time at which the container last terminated
// +optional
optionalTimefinishedAt=6;
// Container's ID in the format '<type>://<container_id>'
// +optional
optionalstringcontainerID=7;
}
// ContainerStateWaiting is a waiting state of a container.
messageContainerStateWaiting{
// (brief) reason the container is not yet running.
// +optional
optionalstringreason=1;
// Message regarding why the container is not yet running.
// +optional
optionalstringmessage=2;
}
// ContainerStatus contains details for the current status of this container.
messageContainerStatus{
// Name is a DNS_LABEL representing the unique name of the container.
// Each container in a pod must have a unique name across all container types.
// Cannot be updated.
optionalstringname=1;
// State holds details about the container's current condition.
// +optional
optionalContainerStatestate=2;
// LastTerminationState holds the last termination state of the container to
// help debug container crashes and restarts. This field is not
// populated if the container is still running and RestartCount is 0.
// +optional
optionalContainerStatelastState=3;
// Ready specifies whether the container is currently passing its readiness check.
// The value will change as readiness probes keep executing. If no readiness
// probes are specified, this field defaults to true once the container is
// fully started (see Started field).
//
// The value is typically used to determine whether a container is ready to
// accept traffic.
optionalboolready=4;
// RestartCount holds the number of times the container has been restarted.
// Kubelet makes an effort to always increment the value, but there
// are cases when the state may be lost due to node restarts and then the value
// may be reset to 0. The value is never negative.
optionalint32restartCount=5;
// Image is the name of container image that the container is running.
// The container image may not match the image used in the PodSpec,
// as it may have been resolved by the runtime.
// More info: https://kubernetes.io/docs/concepts/containers/images.
optionalstringimage=6;
// ImageID is the image ID of the container's image. The image ID may not
// match the image ID of the image used in the PodSpec, as it may have been
// resolved by the runtime.
optionalstringimageID=7;
// ContainerID is the ID of the container in the format '<type>://<container_id>'.
// Where type is a container runtime identifier, returned from Version call of CRI API
// (for example "containerd").
// +optional
optionalstringcontainerID=8;
// Started indicates whether the container has finished its postStart lifecycle hook
// and passed its startup probe.
// Initialized as false, becomes true after startupProbe is considered
// successful. Resets to false when the container is restarted, or if kubelet
// loses state temporarily. In both cases, startup probes will run again.
// Is always true when no startupProbe is defined and container is running and
// has passed the postStart lifecycle hook. The null value must be treated the
// same as false.
// +optional
optionalboolstarted=9;
// AllocatedResources represents the compute resources allocated for this container by the
// node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission
// and after successfully admitting desired pod resize.
// +featureGate=InPlacePodVerticalScaling
// +optional
map<string,Quantity>allocatedResources=10;
// Resources represents the compute resource requests and limits that have been successfully
// enacted on the running container after it has been started or has been successfully resized.
// +featureGate=InPlacePodVerticalScaling
// +optional
optionalResourceRequirementsresources=11;
}
// DaemonEndpoint contains information about a single Daemon endpoint.
messageDaemonEndpoint{
// Port number of the given endpoint.
optionalint32Port=1;
}
// Represents downward API info for projecting into a projected volume.
// Note that this is identical to a downwardAPI volume source without the default
// mode.
messageDownwardAPIProjection{
// Items is a list of DownwardAPIVolume file
// +optional
repeatedDownwardAPIVolumeFileitems=1;
}
// DownwardAPIVolumeFile represents information to create the file containing the pod field
messageDownwardAPIVolumeFile{
// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
optionalstringpath=1;
// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
// +optional
optionalObjectFieldSelectorfieldRef=2;
// Selects a resource of the container: only resources limits and requests
// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
// +optional
optionalResourceFieldSelectorresourceFieldRef=3;
// Optional: mode bits used to set permissions on this file, must be an octal value
// between 0000 and 0777 or a decimal value between 0 and 511.
// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
// If not specified, the volume defaultMode will be used.
// This might be in conflict with other options that affect the file
// mode, like fsGroup, and the result can be other mode bits set.
// +optional
optionalint32mode=4;
}
// DownwardAPIVolumeSource represents a volume containing downward API info.
// Downward API volumes support ownership management and SELinux relabeling.
messageDownwardAPIVolumeSource{
// Items is a list of downward API volume file
// +optional
repeatedDownwardAPIVolumeFileitems=1;
// Optional: mode bits to use on created files by default. Must be a
// Optional: mode bits used to set permissions on created files by default.
// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
// Defaults to 0644.
// Directories within the path are not affected by this setting.
// This might be in conflict with other options that affect the file
// mode, like fsGroup, and the result can be other mode bits set.
// +optional
optionalint32defaultMode=2;
}
// Represents an empty directory for a pod.
// Empty directory volumes support ownership management and SELinux relabeling.
messageEmptyDirVolumeSource{
// medium represents what type of storage medium should back this directory.
// The default is "" which means to use the node's default medium.
// Must be an empty string (default) or Memory.
// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
// +optional
optionalstringmedium=1;
// sizeLimit is the total amount of local storage required for this EmptyDir volume.
// The size limit is also applicable for memory medium.
// The maximum usage on memory medium EmptyDir would be the minimum value between
// the SizeLimit specified here and the sum of memory limits of all containers in a pod.
// The default is nil which means that the limit is undefined.
// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
// +optional
optionalQuantitysizeLimit=2;
}
// EndpointAddress is a tuple that describes single IP address.
// +structType=atomic
messageEndpointAddress{
// The IP of this endpoint.
// May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10),
// or link-local multicast (224.0.0.0/24 or ff02::/16).
optionalstringip=1;
// The Hostname of this endpoint
// +optional
optionalstringhostname=3;
// Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node.
// +optional
optionalstringnodeName=4;
// Reference to object providing the endpoint.
// +optional
optionalObjectReferencetargetRef=2;
}
// EndpointPort is a tuple that describes a single port.
// +structType=atomic
messageEndpointPort{
// The name of this port. This must match the 'name' field in the
// corresponding ServicePort.
// Must be a DNS_LABEL.
// Optional only if one port is defined.
// +optional
optionalstringname=1;
// The port number of the endpoint.
optionalint32port=2;
// The IP protocol for this port.
// Must be UDP, TCP, or SCTP.
// Default is TCP.
// +optional
optionalstringprotocol=3;
// The application protocol for this port.
// This is used as a hint for implementations to offer richer behavior for protocols that they understand.
// This field follows standard Kubernetes label syntax.
// Valid values are either:
//
// * Un-prefixed protocol names - reserved for IANA standard service names (as per
// RFC-6335 and https://www.iana.org/assignments/service-names).
//
// * Kubernetes-defined prefixed names:
// * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
// * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
// * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
//
// * Other protocols should use implementation-defined prefixed names such as
// mycompany.com/my-custom-protocol.
// +optional
optionalstringappProtocol=4;
}
// EndpointSubset is a group of addresses with a common set of ports. The
// expanded set of endpoints is the Cartesian product of Addresses x Ports.
// Event is a report of an event somewhere in the cluster. Events
// have a limited retention time and triggers and messages may evolve
// with time. Event consumers should not rely on the timing of an event
// with a given Reason reflecting a consistent underlying trigger, or the
// continued existence of events with that Reason. Events should be
// treated as informative, best-effort, supplemental data.
messageEvent{
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
optionalObjectMetametadata=1;
// The object that this event is about.
optionalObjectReferenceinvolvedObject=2;
// This should be a short, machine understandable string that gives the reason
// for the transition into the object's current status.
// TODO: provide exact specification for format.
// +optional
optionalstringreason=3;
// A human-readable description of the status of this operation.
// TODO: decide on maximum length.
// +optional
optionalstringmessage=4;
// The component reporting this event. Should be a short machine understandable string.
// +optional
optionalEventSourcesource=5;
// The time at which the event was first recorded. (Time of server receipt is in TypeMeta.)
// +optional
optionalTimefirstTimestamp=6;
// The time at which the most recent occurrence of this event was recorded.
// +optional
optionalTimelastTimestamp=7;
// The number of times this event has occurred.
// +optional
optionalint32count=8;
// Type of this event (Normal, Warning), new types could be added in the future
// +optional
optionalstringtype=9;
// Time when this Event was first observed.
// +optional
optionalMicroTimeeventTime=10;
// Data about the Event series this event represents or nil if it's a singleton Event.
// +optional
optionalEventSeriesseries=11;
// What action was taken/failed regarding to the Regarding object.
// +optional
optionalstringaction=12;
// Optional secondary object for more complex actions.
// +optional
optionalObjectReferencerelated=13;
// Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`.
// +optional
optionalstringreportingComponent=14;
// ID of the controller instance, e.g. `kubelet-xyzf`.
// +optional
optionalstringreportingInstance=15;
}
// EventList is a list of events.
messageEventList{
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
optionalListMetametadata=1;
// List of events
repeatedEventitems=2;
}
// EventSeries contain information on series of events, i.e. thing that was/is happening
// continuously for some time.
messageEventSeries{
// Number of occurrences in this series up to the last heartbeat time
optionalint32count=1;
// Time of the last occurrence observed
optionalMicroTimelastObservedTime=2;
}
// EventSource contains information for an event.
messageEventSource{
// Component from which the event is generated.
// +optional
optionalstringcomponent=1;
// Node name on which the event is generated.
// +optional
optionalstringhost=2;
}
// ExecAction describes a "run in container" action.
messageExecAction{
// Command is the command line to execute inside the container, the working directory for the
// command is root ('/') in the container's filesystem. The command is simply exec'd, it is
// not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
// a shell, you need to explicitly call out to that shell.
// Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
// +optional
repeatedstringcommand=1;
}
// Represents a Fibre Channel volume.
// Fibre Channel volumes can only be mounted as read/write once.
// Fibre Channel volumes support ownership management and SELinux relabeling.
messageFCVolumeSource{
// targetWWNs is Optional: FC target worldwide names (WWNs)
// +optional
repeatedstringtargetWWNs=1;
// lun is Optional: FC target lun number
// +optional
optionalint32lun=2;
// fsType is the filesystem type to mount.
// Must be a filesystem type supported by the host operating system.
// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
// TODO: how do we prevent errors in the filesystem from compromising the machine
// +optional
optionalstringfsType=3;
// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
// the ReadOnly setting in VolumeMounts.
// +optional
optionalboolreadOnly=4;
// wwids Optional: FC volume world wide identifiers (wwids)
// Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
// +optional
repeatedstringwwids=5;
}
// FlexPersistentVolumeSource represents a generic persistent volume resource that is
// provisioned/attached using an exec based plugin.
messageFlexPersistentVolumeSource{
// driver is the name of the driver to use for this volume.
optionalstringdriver=1;
// fsType is the Filesystem type to mount.
// Must be a filesystem type supported by the host operating system.
// Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
// +optional
optionalstringfsType=2;
// secretRef is Optional: SecretRef is reference to the secret object containing
// sensitive information to pass to the plugin scripts. This may be
// empty if no secret object is specified. If the secret object
// contains more than one secret, all secrets are passed to the plugin
// scripts.
// +optional
optionalSecretReferencesecretRef=3;
// readOnly is Optional: defaults to false (read/write). ReadOnly here will force
// the ReadOnly setting in VolumeMounts.
// +optional
optionalboolreadOnly=4;
// options is Optional: this field holds extra command options if any.
// +optional
map<string,string>options=5;
}
// FlexVolume represents a generic volume resource that is
// provisioned/attached using an exec based plugin.
messageFlexVolumeSource{
// driver is the name of the driver to use for this volume.
optionalstringdriver=1;
// fsType is the filesystem type to mount.
// Must be a filesystem type supported by the host operating system.
// Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
// +optional
optionalstringfsType=2;
// secretRef is Optional: secretRef is reference to the secret object containing
// sensitive information to pass to the plugin scripts. This may be
// empty if no secret object is specified. If the secret object
// contains more than one secret, all secrets are passed to the plugin
// scripts.
// +optional
optionalLocalObjectReferencesecretRef=3;
// readOnly is Optional: defaults to false (read/write). ReadOnly here will force
// the ReadOnly setting in VolumeMounts.
// +optional
optionalboolreadOnly=4;
// options is Optional: this field holds extra command options if any.
// +optional
map<string,string>options=5;
}
// Represents a Flocker volume mounted by the Flocker agent.
// One and only one of datasetName and datasetUUID should be set.
// Flocker volumes do not support ownership management or SELinux relabeling.
messageFlockerVolumeSource{
// datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
// should be considered as deprecated
// +optional
optionalstringdatasetName=1;
// datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
// +optional
optionalstringdatasetUUID=2;
}
// Represents a Persistent Disk resource in Google Compute Engine.
//
// A GCE PD must exist before mounting to a container. The disk must
// also be in the same GCE project and zone as the kubelet. A GCE PD
// can only be mounted as read/write once or read-only many times. GCE
// PDs support ownership management and SELinux relabeling.
messageGCEPersistentDiskVolumeSource{
// pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
optionalstringpdName=1;
// fsType is filesystem type of the volume that you want to mount.
// Tip: Ensure that the filesystem type is supported by the host operating system.
// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
// TODO: how do we prevent errors in the filesystem from compromising the machine
// +optional
optionalstringfsType=2;
// partition is the partition in the volume that you want to mount.
// If omitted, the default is to mount by volume name.
// Examples: For volume /dev/sda1, you specify the partition as "1".
// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
// +optional
optionalint32partition=3;
// readOnly here will force the ReadOnly setting in VolumeMounts.
// Defaults to false.
// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
// +optional
optionalboolreadOnly=4;
}
messageGRPCAction{
// Port number of the gRPC service. Number must be in the range 1 to 65535.
optionalint32port=1;
// Service is the name of the service to place in the gRPC HealthCheckRequest
// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
//
// If this is not specified, the default behavior is defined by gRPC.
// +optional
// +default=""
optionalstringservice=2;
}
// Represents a volume that is populated with the contents of a git repository.
// Git repo volumes do not support ownership management.
// Git repo volumes support SELinux relabeling.
//
// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
// into the Pod's container.
messageGitRepoVolumeSource{
// repository is the URL
optionalstringrepository=1;
// revision is the commit hash for the specified revision.
// +optional
optionalstringrevision=2;
// directory is the target directory name.
// Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
// git repository. Otherwise, if specified, the volume will contain the git repository in
// the subdirectory with the given name.
// +optional
optionalstringdirectory=3;
}
// Represents a Glusterfs mount that lasts the lifetime of a pod.
// Glusterfs volumes do not support ownership management or SELinux relabeling.
messageGlusterfsPersistentVolumeSource{
// endpoints is the endpoint name that details Glusterfs topology.
// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
optionalstringendpoints=1;
// path is the Glusterfs volume path.
// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
optionalstringpath=2;
// readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
// Defaults to false.
// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
// +optional
optionalboolreadOnly=3;
// endpointsNamespace is the namespace that contains Glusterfs endpoint.
// If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC.
// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
// +optional
optionalstringendpointsNamespace=4;
}
// Represents a Glusterfs mount that lasts the lifetime of a pod.
// Glusterfs volumes do not support ownership management or SELinux relabeling.
messageGlusterfsVolumeSource{
// endpoints is the endpoint name that details Glusterfs topology.
// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
optionalstringendpoints=1;
// path is the Glusterfs volume path.
// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
optionalstringpath=2;
// readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
// Defaults to false.
// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
// +optional
optionalboolreadOnly=3;
}
// HTTPGetAction describes an action based on HTTP Get requests.
messageHTTPGetAction{
// Path to access on the HTTP server.
// +optional
optionalstringpath=1;
// Name or number of the port to access on the container.
// Number must be in the range 1 to 65535.
// Name must be an IANA_SVC_NAME.
optionalIntOrStringport=2;
// Host name to connect to, defaults to the pod IP. You probably want to set
// "Host" in httpHeaders instead.
// +optional
optionalstringhost=3;
// Scheme to use for connecting to the host.
// Defaults to HTTP.
// +optional
optionalstringscheme=4;
// Custom headers to set in the request. HTTP allows repeated headers.
// +optional
repeatedHTTPHeaderhttpHeaders=5;
}
// HTTPHeader describes a custom header to be used in HTTP probes
messageHTTPHeader{
// The header field name.
// This will be canonicalized upon output, so case-variant names will be understood as the same header.
optionalstringname=1;
// The header field value
optionalstringvalue=2;
}
// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
// pod's hosts file.
messageHostAlias{
// IP address of the host file entry.
optionalstringip=1;
// Hostnames for the above IP address.
repeatedstringhostnames=2;
}
// HostIP represents a single IP address allocated to the host.
messageHostIP{
// IP is the IP address assigned to the host
optionalstringip=1;
}
// Represents a host path mapped into a pod.
// Host path volumes do not support ownership management or SELinux relabeling.
messageHostPathVolumeSource{
// path of the directory on the host.
// If the path is a symlink, it will follow the link to the real path.
// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
optionalstringpath=1;
// type for HostPath Volume
// Defaults to ""
// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
// +optional
optionalstringtype=2;
}
// ISCSIPersistentVolumeSource represents an ISCSI disk.
// ISCSI volumes can only be mounted as read/write once.
// ISCSI volumes support ownership management and SELinux relabeling.
messageISCSIPersistentVolumeSource{
// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
// is other than default (typically TCP ports 860 and 3260).
optionalstringtargetPortal=1;
// iqn is Target iSCSI Qualified Name.
optionalstringiqn=2;
// lun is iSCSI Target Lun number.
optionalint32lun=3;
// iscsiInterface is the interface Name that uses an iSCSI transport.
// Defaults to 'default' (tcp).
// +optional
optionalstringiscsiInterface=4;
// fsType is the filesystem type of the volume that you want to mount.
// Tip: Ensure that the filesystem type is supported by the host operating system.
// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
// TODO: how do we prevent errors in the filesystem from compromising the machine
// +optional
optionalstringfsType=5;
// readOnly here will force the ReadOnly setting in VolumeMounts.
// Defaults to false.
// +optional
optionalboolreadOnly=6;
// portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port
// is other than default (typically TCP ports 860 and 3260).
// +optional
repeatedstringportals=7;
// chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
// +optional
optionalboolchapAuthDiscovery=8;
// chapAuthSession defines whether support iSCSI Session CHAP authentication
// +optional
optionalboolchapAuthSession=11;
// secretRef is the CHAP Secret for iSCSI target and initiator authentication
// +optional
optionalSecretReferencesecretRef=10;
// initiatorName is the custom iSCSI Initiator Name.
// If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
// <target portal>:<volume name> will be created for the connection.
// +optional
optionalstringinitiatorName=12;
}
// Represents an ISCSI disk.
// ISCSI volumes can only be mounted as read/write once.
// ISCSI volumes support ownership management and SELinux relabeling.
messageISCSIVolumeSource{
// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
// is other than default (typically TCP ports 860 and 3260).
optionalstringtargetPortal=1;
// iqn is the target iSCSI Qualified Name.
optionalstringiqn=2;
// lun represents iSCSI Target Lun number.
optionalint32lun=3;
// iscsiInterface is the interface Name that uses an iSCSI transport.
// Defaults to 'default' (tcp).
// +optional
optionalstringiscsiInterface=4;
// fsType is the filesystem type of the volume that you want to mount.
// Tip: Ensure that the filesystem type is supported by the host operating system.
// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
// TODO: how do we prevent errors in the filesystem from compromising the machine
// +optional
optionalstringfsType=5;
// readOnly here will force the ReadOnly setting in VolumeMounts.
// Defaults to false.
// +optional
optionalboolreadOnly=6;
// portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
// is other than default (typically TCP ports 860 and 3260).
// +optional
repeatedstringportals=7;
// chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
// +optional
optionalboolchapAuthDiscovery=8;
// chapAuthSession defines whether support iSCSI Session CHAP authentication
// +optional
optionalboolchapAuthSession=11;
// secretRef is the CHAP Secret for iSCSI target and initiator authentication
// +optional
optionalLocalObjectReferencesecretRef=10;
// initiatorName is the custom iSCSI Initiator Name.
// If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
// <target portal>:<volume name> will be created for the connection.
// +optional
optionalstringinitiatorName=12;
}
// Maps a string key to a path within a volume.
messageKeyToPath{
// key is the key to project.
optionalstringkey=1;
// path is the relative path of the file to map the key to.
// May not be an absolute path.
// May not contain the path element '..'.
// May not start with the string '..'.
optionalstringpath=2;
// mode is Optional: mode bits used to set permissions on this file.
// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
// If not specified, the volume defaultMode will be used.
// This might be in conflict with other options that affect the file
// mode, like fsGroup, and the result can be other mode bits set.
// +optional
optionalint32mode=3;
}
// Lifecycle describes actions that the management system should take in response to container lifecycle
// events. For the PostStart and PreStop lifecycle handlers, management of the container blocks
// until the action is complete, unless the container process fails, in which case the handler is aborted.
messageLifecycle{
// PostStart is called immediately after a container is created. If the handler fails,
// the container is terminated and restarted according to its restart policy.
// Other management of the container blocks until the hook completes.
// More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
// +optional
optionalLifecycleHandlerpostStart=1;
// PreStop is called immediately before a container is terminated due to an
// API request or management event such as liveness/startup probe failure,
// preemption, resource contention, etc. The handler is not called if the
// container crashes or exits. The Pod's termination grace period countdown begins before the
// PreStop hook is executed. Regardless of the outcome of the handler, the
// container will eventually terminate within the Pod's termination grace
// period (unless delayed by finalizers). Other management of the container blocks until the hook completes
// or until the termination grace period is reached.
// More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
// +optional
optionalLifecycleHandlerpreStop=2;
}
// LifecycleHandler defines a specific action that should be taken in a lifecycle
// hook. One and only one of the fields, except TCPSocket must be specified.
messageLifecycleHandler{
// Exec specifies the action to take.
// +optional
optionalExecActionexec=1;
// HTTPGet specifies the http request to perform.
// +optional
optionalHTTPGetActionhttpGet=2;
// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
// for the backward compatibility. There are no validation of this field and
// lifecycle hooks will fail in runtime when tcp handler is specified.
// +optional
optionalTCPSocketActiontcpSocket=3;
}
// LimitRange sets resource usage limits for each kind of resource in a Namespace.
messageLimitRange{
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
optionalObjectMetametadata=1;
// Spec defines the limits enforced.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
optionalLimitRangeSpecspec=2;
}
// LimitRangeItem defines a min/max usage limit for any resource that matches on kind.
messageLimitRangeItem{
// Type of resource that this limit applies to.
optionalstringtype=1;
// Max usage constraints on this kind by resource name.
// +optional
map<string,Quantity>max=2;
// Min usage constraints on this kind by resource name.
// +optional
map<string,Quantity>min=3;
// Default resource requirement limit value by resource name if resource limit is omitted.
// +optional
map<string,Quantity>default=4;
// DefaultRequest is the default resource requirement request value by resource name if resource request is omitted.
// +optional
map<string,Quantity>defaultRequest=5;
// MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource.
// +optional
map<string,Quantity>maxLimitRequestRatio=6;
}
// LimitRangeList is a list of LimitRange items.
messageLimitRangeList{
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
optionalListMetametadata=1;
// Items is a list of LimitRange objects.
// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
repeatedLimitRangeitems=2;
}
// LimitRangeSpec defines a min/max usage limit for resources that match on kind.
messageLimitRangeSpec{
// Limits is the list of LimitRangeItem objects that are enforced.
repeatedLimitRangeItemlimits=1;
}
// LoadBalancerIngress represents the status of a load-balancer ingress point:
// traffic intended for the service should be sent to an ingress point.
messageLoadBalancerIngress{
// IP is set for load-balancer ingress points that are IP based
// (typically GCE or OpenStack load-balancers)
// +optional
optionalstringip=1;
// Hostname is set for load-balancer ingress points that are DNS based
// (typically AWS load-balancers)
// +optional
optionalstringhostname=2;
// IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified.
// Setting this to "VIP" indicates that traffic is delivered to the node with
// the destination set to the load-balancer's IP and port.
// Setting this to "Proxy" indicates that traffic is delivered to the node or pod with
// the destination set to the node's IP and node port or the pod's IP and port.
// Service implementations may use this information to adjust traffic routing.
// +optional
optionalstringipMode=3;
// Ports is a list of records of service ports
// If used, every port defined in the service should have an entry in it
// +listType=atomic
// +optional
repeatedPortStatusports=4;
}
// LoadBalancerStatus represents the status of a load-balancer.
messageLoadBalancerStatus{
// Ingress is a list containing ingress points for the load-balancer.
// Traffic intended for the service should be sent to these ingress points.
// +optional
repeatedLoadBalancerIngressingress=1;
}
// LocalObjectReference contains enough information to let you locate the
// referenced object inside the same namespace.
// +structType=atomic
messageLocalObjectReference{
// Name of the referent.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
// TODO: Add other useful fields. apiVersion, kind, uid?
// +optional
optionalstringname=1;
}
// Local represents directly-attached storage with node affinity (Beta feature)
messageLocalVolumeSource{
// path of the full path to the volume on the node.
// It can be either a directory or block device (disk, partition, ...).
optionalstringpath=1;
// fsType is the filesystem type to mount.
// It applies only when the Path is a block device.
// Must be a filesystem type supported by the host operating system.
// Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if unspecified.
// +optional
optionalstringfsType=2;
}
// Represents an NFS mount that lasts the lifetime of a pod.
// NFS volumes do not support ownership management or SELinux relabeling.
messageNFSVolumeSource{
// server is the hostname or IP address of the NFS server.
// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
optionalstringserver=1;
// path that is exported by the NFS server.
// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
optionalstringpath=2;
// readOnly here will force the NFS export to be mounted with read-only permissions.
// Defaults to false.
// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
// +optional
optionalboolreadOnly=3;
}
// Namespace provides a scope for Names.
// Use of multiple namespaces is optional.
messageNamespace{
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
optionalObjectMetametadata=1;
// Spec defines the behavior of the Namespace.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
optionalNamespaceSpecspec=2;
// Status describes the current status of a Namespace.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
optionalNamespaceStatusstatus=3;
}
// NamespaceCondition contains details about state of namespace.
messageNamespaceCondition{
// Type of namespace controller condition.
optionalstringtype=1;
// Status of the condition, one of True, False, Unknown.
optionalstringstatus=2;
// +optional
optionalTimelastTransitionTime=4;
// +optional
optionalstringreason=5;
// +optional
optionalstringmessage=6;
}
// NamespaceList is a list of Namespaces.
messageNamespaceList{
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
optionalListMetametadata=1;
// Items is the list of Namespace objects in the list.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
repeatedNamespaceitems=2;
}
// NamespaceSpec describes the attributes on a Namespace.
messageNamespaceSpec{
// Finalizers is an opaque list of values that must be empty to permanently remove object from storage.
// More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
// +optional
repeatedstringfinalizers=1;
}
// NamespaceStatus is information about the current status of a Namespace.
messageNamespaceStatus{
// Phase is the current lifecycle phase of the namespace.
// More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
// +optional
optionalstringphase=1;
// Represents the latest available observations of a namespace's current state.
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
repeatedNamespaceConditionconditions=2;
}
// Node is a worker node in Kubernetes.
// Each node will have a unique identifier in the cache (i.e. in etcd).
messageNode{
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).
optionalstringkernelVersion=4;
// OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).
optionalstringosImage=5;
// ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2).
optionalstringcontainerRuntimeVersion=6;
// Kubelet Version reported by the node.
optionalstringkubeletVersion=7;
// KubeProxy Version reported by the node.
optionalstringkubeProxyVersion=8;
// The Operating System reported by the node
optionalstringoperatingSystem=9;
// The Architecture reported by the node
optionalstringarchitecture=10;
}
// ObjectFieldSelector selects an APIVersioned field of an object.
// +structType=atomic
messageObjectFieldSelector{
// Version of the schema the FieldPath is written in terms of, defaults to "v1".
// +optional
optionalstringapiVersion=1;
// Path of the field to select in the specified API version.
optionalstringfieldPath=2;
}
// ObjectReference contains enough information to let you inspect or modify the referred object.
// ---
// New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
// 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
// 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
// restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
// Those cannot be well described when embedded.
// 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
// 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
// during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
// and the version of the actual struct is irrelevant.
// 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
// will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
//
// Instead of using this type, create a locally provided and used type that is well-focused on your reference.
// For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
// +k8s:deepcopy-gen:interfaces=pb/runtime.Object
// +structType=atomic
messageObjectReference{
// Kind of the referent.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
optionalstringkind=1;
// Namespace of the referent.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
// +optional
optionalstringnamespace=2;
// Name of the referent.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
// +optional
optionalstringname=3;
// UID of the referent.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
// +optional
optionalstringuid=4;
// API version of the referent.
// +optional
optionalstringapiVersion=5;
// Specific resourceVersion to which this reference is made, if any.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
// +optional
optionalstringresourceVersion=6;
// If referring to a piece of an object instead of an entire object, this string
// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
// For example, if the object reference is to a container within a pod, this would take on a value like:
// "spec.containers{name}" (where "name" refers to the name of the container that triggered
// the event) or if no container name is specified "spec.containers[2]" (container with
// index 2 in this pod). This syntax is chosen only to have some well-defined way of
// referencing a part of an object.
// TODO: this design is not final and this field is subject to change in the future.
// +optional
optionalstringfieldPath=7;
}
// PersistentVolume (PV) is a storage resource provisioned by an administrator.
// It is analogous to a node.
// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes
messagePersistentVolume{
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
optionalObjectMetametadata=1;
// spec defines a specification of a persistent volume owned by the cluster.
// Provisioned by an administrator.
// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes
// +optional
optionalPersistentVolumeSpecspec=2;
// status represents the current information/status for the persistent volume.
// Populated by the system.
// Read-only.
// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes
// +optional
optionalPersistentVolumeStatusstatus=3;
}
// PersistentVolumeClaim is a user's request for and claim to a persistent volume
messagePersistentVolumeClaim{
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
optionalObjectMetametadata=1;
// spec defines the desired characteristics of a volume requested by a pod author.
// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
// +optional
optionalPersistentVolumeClaimSpecspec=2;
// status represents the current information/status of a persistent volume claim.
// Read-only.
// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
// +optional
optionalPersistentVolumeClaimStatusstatus=3;
}
// PersistentVolumeClaimCondition contains details about state of pvc
messagePersistentVolumeClaimCondition{
optionalstringtype=1;
optionalstringstatus=2;
// lastProbeTime is the time we probed the condition.
// +optional
optionalTimelastProbeTime=3;
// lastTransitionTime is the time the condition transitioned from one status to another.
// +optional
optionalTimelastTransitionTime=4;
// reason is a unique, this should be a short, machine understandable string that gives the reason
// for condition's last transition. If it reports "ResizeStarted" that means the underlying
// persistent volume is being resized.
// +optional
optionalstringreason=5;
// message is the human-readable message indicating details about last transition.
// +optional
optionalstringmessage=6;
}
// PersistentVolumeClaimList is a list of PersistentVolumeClaim items.
messagePersistentVolumeClaimList{
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
optionalListMetametadata=1;
// items is a list of persistent volume claims.
// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
repeatedPersistentVolumeClaimitems=2;
}
// PersistentVolumeClaimSpec describes the common attributes of storage devices
// and allows a Source for provider-specific attributes
messagePersistentVolumeClaimSpec{
// accessModes contains the desired access modes the volume should have.
// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
// +optional
repeatedstringaccessModes=1;
// selector is a label query over volumes to consider for binding.
// +optional
optionalLabelSelectorselector=4;
// resources represents the minimum resources the volume should have.
// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
// that are lower than previous value but must still be higher than capacity recorded in the
// status field of the claim.
// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
// +optional
optionalVolumeResourceRequirementsresources=2;
// volumeName is the binding reference to the PersistentVolume backing this claim.
// +optional
optionalstringvolumeName=3;
// storageClassName is the name of the StorageClass required by the claim.
// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
// +optional
optionalstringstorageClassName=5;
// volumeMode defines what type of volume is required by the claim.
// Value of Filesystem is implied when not included in claim spec.
// +optional
optionalstringvolumeMode=6;
// dataSource field can be used to specify either:
// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
// * An existing PVC (PersistentVolumeClaim)
// If the provisioner or an external controller can support the specified data source,
// it will create a new volume based on the contents of the specified data source.
// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
// If the namespace is specified, then dataSourceRef will not be copied to dataSource.
// +optional
optionalTypedLocalObjectReferencedataSource=7;
// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
// volume is desired. This may be any object from a non-empty API group (non
// core object) or a PersistentVolumeClaim object.
// When this field is specified, volume binding will only succeed if the type of
// the specified object matches some installed volume populator or dynamic
// provisioner.
// This field will replace the functionality of the dataSource field and as such
// if both fields are non-empty, they must have the same value. For backwards
// compatibility, when namespace isn't specified in dataSourceRef,
// both fields (dataSource and dataSourceRef) will be set to the same
// value automatically if one of them is empty and the other is non-empty.
// When namespace is specified in dataSourceRef,
// dataSource isn't set to the same value and must be empty.
// There are three important differences between dataSource and dataSourceRef:
// * While dataSource only allows two specific types of objects, dataSourceRef
// allows any non-core object, as well as PersistentVolumeClaim objects.
// * While dataSource ignores disallowed values (dropping them), dataSourceRef
// preserves all values, and generates an error if a disallowed value is
// specified.
// * While dataSource only allows local objects, dataSourceRef allows objects
// in any namespaces.
// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
// +optional
optionalTypedObjectReferencedataSourceRef=8;
}
// PersistentVolumeClaimStatus is the current status of a persistent volume claim.
messagePersistentVolumeClaimStatus{
// phase represents the current phase of PersistentVolumeClaim.
// +optional
optionalstringphase=1;
// accessModes contains the actual access modes the volume backing the PVC has.
// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
// +optional
repeatedstringaccessModes=2;
// capacity represents the actual resources of the underlying volume.
// +optional
map<string,Quantity>capacity=3;
// conditions is the current Condition of persistent volume claim. If underlying persistent volume is being
// resized then the Condition will be set to 'ResizeStarted'.
// nfs represents an NFS mount on the host. Provisioned by an admin.
// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
// +optional
optionalNFSVolumeSourcenfs=5;
// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
// More info: https://examples.k8s.io/volumes/rbd/README.md
// +optional
optionalRBDPersistentVolumeSourcerbd=6;
// iscsi represents an ISCSI Disk resource that is attached to a
// kubelet's host machine and then exposed to the pod. Provisioned by an admin.
// +optional
optionalISCSIPersistentVolumeSourceiscsi=7;
// cinder represents a cinder volume attached and mounted on kubelets host machine.
// More info: https://examples.k8s.io/mysql-cinder-pd/README.md
// +optional
optionalCinderPersistentVolumeSourcecinder=8;
// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
// +optional
optionalCephFSPersistentVolumeSourcecephfs=9;
// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
// +optional
optionalFCVolumeSourcefc=10;
// flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running
// +optional
optionalFlockerVolumeSourceflocker=11;
// flexVolume represents a generic volume resource that is
// provisioned/attached using an exec based plugin.
// +optional
optionalFlexPersistentVolumeSourceflexVolume=12;
// azureFile represents an Azure File Service mount on the host and bind mount to the pod.
// If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
// In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
// In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN.
// If a pod does not have FQDN, this has no effect.
// Default to false.
// +optional
optionalboolsetHostnameAsFQDN=35;
// Specifies the OS of the containers in the pod.
// Some pod and container fields are restricted if this is set.
//
// If the OS field is set to linux, the following fields must be unset:
// -securityContext.windowsOptions
//
// If the OS field is set to windows, following fields must be unset:
// TopologySpreadConstraint specifies how to spread matching pods among the given topology.
messageTopologySpreadConstraint{
// MaxSkew describes the degree to which pods may be unevenly distributed.
// When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
// between the number of matching pods in the target topology and the global minimum.
// The global minimum is the minimum number of matching pods in an eligible domain
// or zero if the number of eligible domains is less than MinDomains.
// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
// labelSelector spread as 2/2/1:
// In this case, the global minimum is 1.
// +-------+-------+-------+
// | zone1 | zone2 | zone3 |
// +-------+-------+-------+
// | P P | P P | P |
// +-------+-------+-------+
// - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
// scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
// violate MaxSkew(1).
// - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
// When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
// to topologies that satisfy it.
// It's a required field. Default value is 1 and 0 is not allowed.
optionalint32maxSkew=1;
// TopologyKey is the key of node labels. Nodes that have a label with this key
// and identical values are considered to be in the same topology.
// We consider each <key, value> as a "bucket", and try to put balanced number
// of pods into each bucket.
// We define a domain as a particular instance of a topology.
// Also, we define an eligible domain as a domain whose nodes meet the requirements of
// nodeAffinityPolicy and nodeTaintsPolicy.
// e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
// And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
// It's a required field.
optionalstringtopologyKey=2;
// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
// the spread constraint.
// - DoNotSchedule (default) tells the scheduler not to schedule it.
// - ScheduleAnyway tells the scheduler to schedule the pod in any location,
// but giving higher precedence to topologies that would help reduce the
// skew.
// A constraint is considered "Unsatisfiable" for an incoming pod
// if and only if every possible node assignment for that pod would violate
// "MaxSkew" on some topology.
// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
// labelSelector spread as 3/1/1:
// +-------+-------+-------+
// | zone1 | zone2 | zone3 |
// +-------+-------+-------+
// | P P P | P | P |
// +-------+-------+-------+
// If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
// to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
// MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
// won't make it *more* imbalanced.
// It's a required field.
optionalstringwhenUnsatisfiable=3;
// LabelSelector is used to find matching pods.
// Pods that match this label selector are counted to determine the number of pods
// in their corresponding topology domain.
// +optional
optionalLabelSelectorlabelSelector=4;
// MinDomains indicates a minimum number of eligible domains.
// When the number of eligible domains with matching topology keys is less than minDomains,
// Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
// And when the number of eligible domains with matching topology keys equals or greater than minDomains,
// this value has no effect on scheduling.
// As a result, when the number of eligible domains is less than minDomains,
// scheduler won't schedule more than maxSkew Pods to those domains.
// If value is nil, the constraint behaves as if MinDomains is equal to 1.
// Valid values are integers greater than 0.
// When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
//
// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
// labelSelector spread as 2/2/2:
// +-------+-------+-------+
// | zone1 | zone2 | zone3 |
// +-------+-------+-------+
// | P P | P P | P P |
// +-------+-------+-------+
// The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
// In this situation, new pod with the same labelSelector cannot be scheduled,
// because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
// it will violate MaxSkew.
//
// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
// +optional
optionalint32minDomains=5;
// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
// when calculating pod topology spread skew. Options are:
// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
//
// If this value is nil, the behavior is equivalent to the Honor policy.
// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
// +optional
optionalstringnodeAffinityPolicy=6;
// NodeTaintsPolicy indicates how we will treat node taints when calculating
// pod topology spread skew. Options are:
// - Honor: nodes without taints, along with tainted nodes for which the incoming pod
// has a toleration, are included.
// - Ignore: node taints are ignored. All nodes are included.
//
// If this value is nil, the behavior is equivalent to the Ignore policy.
// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
// +optional
optionalstringnodeTaintsPolicy=7;
// MatchLabelKeys is a set of pod label keys to select the pods over which
// spreading will be calculated. The keys are used to lookup values from the
// incoming pod labels, those key-value labels are ANDed with labelSelector
// to select the group of existing pods over which spreading will be calculated
// for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
// MatchLabelKeys cannot be set when LabelSelector isn't set.
// Keys that don't exist in the incoming pod labels will
// be ignored. A null or empty list means only match against labelSelector.
//
// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
// +listType=atomic
// +optional
repeatedstringmatchLabelKeys=8;
}
// TypedLocalObjectReference contains enough information to let you locate the
// typed referenced object inside the same namespace.
// +structType=atomic
messageTypedLocalObjectReference{
// APIGroup is the group for the resource being referenced.
// If APIGroup is not specified, the specified Kind must be in the core API group.
// For any other third-party types, APIGroup is required.
// +optional
optionalstringapiGroup=1;
// Kind is the type of resource being referenced
optionalstringkind=2;
// Name is the name of resource being referenced
optionalstringname=3;
}
messageTypedObjectReference{
// APIGroup is the group for the resource being referenced.
// If APIGroup is not specified, the specified Kind must be in the core API group.
// For any other third-party types, APIGroup is required.
// +optional
optionalstringapiGroup=1;
// Kind is the type of resource being referenced
optionalstringkind=2;
// Name is the name of resource being referenced
optionalstringname=3;
// Namespace is the namespace of resource being referenced
// Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
// (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
// +featureGate=CrossNamespaceVolumeDataSource
// +optional
optionalstringnamespace=4;
}
// Volume represents a named volume in a pod that may be accessed by any container in the pod.
messageVolume{
// name of the volume.
// Must be a DNS_LABEL and unique within the pod.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optionalstringname=1;
// volumeSource represents the location and type of the mounted volume.
// If not specified, the Volume is implied to be an EmptyDir.
// This implied behavior is deprecated and will be removed in a future version.
optionalVolumeSourcevolumeSource=2;
}
// volumeDevice describes a mapping of a raw block device within a container.
messageVolumeDevice{
// name must match the name of a persistentVolumeClaim in the pod
optionalstringname=1;
// devicePath is the path inside of the container that the device will be mapped to.
optionalstringdevicePath=2;
}
// VolumeMount describes a mounting of a Volume within a container.
messageVolumeMount{
// This must match the Name of a Volume.
optionalstringname=1;
// Mounted read-only if true, read-write otherwise (false or unspecified).
// Defaults to false.
// +optional
optionalboolreadOnly=2;
// Path within the container at which the volume should be mounted. Must
// not contain ':'.
optionalstringmountPath=3;
// Path within the volume from which the container's volume should be mounted.
// Defaults to "" (volume's root).
// +optional
optionalstringsubPath=4;
// mountPropagation determines how mounts are propagated from the host
// to container and the other way around.
// When not set, MountPropagationNone is used.
// This field is beta in 1.10.
// +optional
optionalstringmountPropagation=5;
// Expanded path within the volume from which the container's volume should be mounted.
// Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
// Defaults to "" (volume's root).
// SubPathExpr and SubPath are mutually exclusive.
// +optional
optionalstringsubPathExpr=6;
}
// VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from.
messageVolumeNodeAffinity{
// required specifies hard node constraints that must be met.
optionalNodeSelectorrequired=1;
}
// Projection that may be projected along with other supported volume types
messageVolumeProjection{
// secret information about the secret data to project
// +optional
optionalSecretProjectionsecret=1;
// downwardAPI information about the downwardAPI data to project
// +optional
optionalDownwardAPIProjectiondownwardAPI=2;
// configMap information about the configMap data to project
// +optional
optionalConfigMapProjectionconfigMap=3;
// serviceAccountToken is information about the serviceAccountToken data to project
