AuthorizationRequest is the authorization request used after some authentication methods (e.g. Kerberos) to determine whether users are allowed to access the service.
An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.
A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.
It should hold only portable information about the container. Here, "portable" means "independent from the host we are running on". Non-portable information should appear in HostConfig. All fields added to this struct must be marked omitempty to keep getting predictable hashes from the old v1Compatibility configuration.
The contents of the target ConfigMap’s Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.
The contents of the target ConfigMap’s Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.
ConnectionAuthPendingMetadata is a variant of ConnectionMetadata which is used when the client has already provided a Username, but the authentication has not completed yet.
ConnectionAuthenticatedMetadata is a variant of ConnectionMetadata which is used once the authentication has been completed. It contains the AuthenticatedUsername provided by the authentication system.
ConnectionMetadata holds a metadata structure passed around with a metadata. Its main purpose is to allow an authentication or authorization module to configure data exposed to the configuration server or the backend.
DockerExecutionModeConnection launches one container per SSH connection (default), while DockerExecutionModeSession launches one container per SSH session.
ImagePullPolicyAlways means that the container image will be pulled on every connection. ImagePullPolicyIfNotPresent means the image will be pulled if it is not present locally, or if an empty tag or the "latest" tag was specified. ImagePullPolicyNever means that the image will never be pulled, and if the image is not available locally the connection will fail.
A Duration represents the elapsed time between two instants as an int64 nanosecond count. The representation limits the largest representable duration to approximately 290 years.
To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted. This is a beta feature available on clusters that haven’t disabled the EphemeralContainers feature gate.
EphemeralContainerCommon is a copy of all fields in Container to be inlined in EphemeralContainer. This separate type allows easy conversion from EphemeralContainer to Container and allows separate documentation for the fields of EphemeralContainer. When a new field is added to Container it must be added here as well.
The bits have the same definition on all systems, so that information about files can be moved from one system to another portably. Not all bits apply to all systems. The only required bit is ModeDir for directories.
A GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.
DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container.
KubernetesExecutionModeConnection launches one container per SSH connection (default), while KubernetesExecutionModeSession launches one container per SSH session.
A label selector is a label query over a set of resources. The results of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket, must be specified.
NetworkingConfig represents the container’s networking configuration for each of its interfaces. It carries the networking configs specified in the docker run and docker network connect commands.
A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.
A null or empty node selector term matches no objects. Its requirements are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.
This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).
Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running.
Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it’s a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
Only one of the following restart policies may be specified. If none of the following policies is specified, the default one is RestartPolicyAlways.
The contents of the target Secret’s Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.
The contents of the target Secret’s Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.
ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pod’s runtime filesystem for use against APIs (Kubernetes API Server or otherwise).
UID is a type that holds unique ID values, including UUIDs. Because we don’t ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated.