Merge pull request #42244 from feloy/dev-1.28-api-ref

V1.28 api reference multi-pages
pull/42277/head
Kubernetes Prow Robot 2023-07-27 03:18:07 -07:00 committed by GitHub
commit 56828ee432
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
25 changed files with 7432 additions and 23392 deletions

File diff suppressed because it is too large


@ -88,6 +88,7 @@
- fields:
- nominatedNodeName
- hostIP
- hostIPs
- startTime
- phase
- message
@ -99,6 +100,7 @@
- initContainerStatuses
- containerStatuses
- ephemeralContainerStatuses
- resourceClaimStatuses
- resize
- definition: io.k8s.api.core.v1.Container
@ -137,6 +139,7 @@
- livenessProbe
- readinessProbe
- startupProbe
- restartPolicy
- name: Security Context
fields:
- securityContext
@ -228,6 +231,7 @@
fields:
- terminationMessagePath
- terminationMessagePolicy
- restartPolicy
- name: Debugging
fields:
- stdin
@ -393,9 +397,14 @@
fields:
- selector
- manualSelector
- name: Alpha level
- name: Beta level
fields:
- podFailurePolicy
- name: Alpha level
fields:
- backoffLimitPerIndex
- maxFailedIndexes
- podReplacementPolicy
- definition: io.k8s.api.batch.v1.JobStatus
field_categories:
@ -411,6 +420,10 @@
- name: Beta level
fields:
- ready
- name: Alpha level
fields:
- failedIndexes
- terminating
- definition: io.k8s.api.batch.v1.CronJobSpec
field_categories:


@ -153,7 +153,7 @@ parts:
version: v1alpha1
- name: SelfSubjectReview
group: authentication.k8s.io
version: v1beta1
version: v1
- name: Authorization Resources
chapters:
- name: LocalSubjectAccessReview
@ -168,9 +168,6 @@ parts:
- name: SubjectAccessReview
group: authorization.k8s.io
version: v1
- name: SelfSubjectReview
group: authentication.k8s.io
version: v1alpha1
- name: ClusterRole
group: rbac.authorization.k8s.io
version: v1
@ -218,7 +215,7 @@ parts:
version: v1
- name: ValidatingAdmissionPolicy
group: admissionregistration.k8s.io
version: v1alpha1
version: v1beta1
otherDefinitions:
- ValidatingAdmissionPolicyList
- ValidatingAdmissionPolicyBinding

@ -1 +1 @@
Subproject commit 55bce686224caba37f93e1e1eb53c0c9fc104ed4
Subproject commit 7f83d75831813de516f88917f138c32d5f712e87


@ -1,11 +1,11 @@
---
api_metadata:
apiVersion: "authentication.k8s.io/v1beta1"
import: "k8s.io/api/authentication/v1beta1"
apiVersion: "authentication.k8s.io/v1"
import: "k8s.io/api/authentication/v1"
kind: "SelfSubjectReview"
content_type: "api_reference"
description: "SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request."
title: "SelfSubjectReview v1beta1"
title: "SelfSubjectReview"
weight: 6
auto_generated: true
---
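Review bot: The front matter drops the version suffix from the title and moves the import to `k8s.io/api/authentication/v1`, and the later hunks in this file show the page path changing from `self-subject-review-v1beta1` to `self-subject-review-v1`, but nothing in the change keeps the old URL alive. Add a redirect for the v1beta1 path so existing links to the SelfSubjectReview reference keep resolving.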
@ -21,9 +21,9 @@ guide. You can file document formatting bugs against the
[reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project.
-->
`apiVersion: authentication.k8s.io/v1beta1`
`apiVersion: authentication.k8s.io/v1`
`import "k8s.io/api/authentication/v1beta1"`
`import "k8s.io/api/authentication/v1"`
## SelfSubjectReview {#SelfSubjectReview}
@ -32,7 +32,7 @@ SelfSubjectReview contains the user information that the kube-apiserver has abou
<hr>
- **apiVersion**: authentication.k8s.io/v1beta1
- **apiVersion**: authentication.k8s.io/v1
- **kind**: SelfSubjectReview
@ -42,7 +42,7 @@ SelfSubjectReview contains the user information that the kube-apiserver has abou
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **status** (<a href="{{< ref "../authentication-resources/self-subject-review-v1beta1#SelfSubjectReviewStatus" >}}">SelfSubjectReviewStatus</a>)
- **status** (<a href="{{< ref "../authentication-resources/self-subject-review-v1#SelfSubjectReviewStatus" >}}">SelfSubjectReviewStatus</a>)
Status is filled in by the server with the user attributes.
@ -98,12 +98,12 @@ SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user.
#### HTTP Request
POST /apis/authentication.k8s.io/v1beta1/selfsubjectreviews
POST /apis/authentication.k8s.io/v1/selfsubjectreviews
#### Parameters
- **body**: <a href="{{< ref "../authentication-resources/self-subject-review-v1beta1#SelfSubjectReview" >}}">SelfSubjectReview</a>, required
- **body**: <a href="{{< ref "../authentication-resources/self-subject-review-v1#SelfSubjectReview" >}}">SelfSubjectReview</a>, required
@ -132,11 +132,11 @@ POST /apis/authentication.k8s.io/v1beta1/selfsubjectreviews
#### Response
200 (<a href="{{< ref "../authentication-resources/self-subject-review-v1beta1#SelfSubjectReview" >}}">SelfSubjectReview</a>): OK
200 (<a href="{{< ref "../authentication-resources/self-subject-review-v1#SelfSubjectReview" >}}">SelfSubjectReview</a>): OK
201 (<a href="{{< ref "../authentication-resources/self-subject-review-v1beta1#SelfSubjectReview" >}}">SelfSubjectReview</a>): Created
201 (<a href="{{< ref "../authentication-resources/self-subject-review-v1#SelfSubjectReview" >}}">SelfSubjectReview</a>): Created
202 (<a href="{{< ref "../authentication-resources/self-subject-review-v1beta1#SelfSubjectReview" >}}">SelfSubjectReview</a>): Accepted
202 (<a href="{{< ref "../authentication-resources/self-subject-review-v1#SelfSubjectReview" >}}">SelfSubjectReview</a>): Accepted
401: Unauthorized


@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "ClusterRoleBinding references a ClusterRole, but not contain it."
title: "ClusterRoleBinding"
weight: 7
weight: 6
auto_generated: true
---
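Review bot: The `description` context line reads "ClusterRoleBinding references a ClusterRole, but not contain it.", which is missing "does"; the RoleBinding page in this same commit has "but does not contain it". The file is marked `auto_generated: true`, so the wording should be corrected in the upstream type comment rather than here.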
@ -44,7 +44,7 @@ ClusterRoleBinding references a ClusterRole, but not contain it. It can referen
- **roleRef** (RoleRef), required
RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.
RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.
<a name="RoleRef"></a>
*RoleRef contains information that points to the role being used*
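Review bot: The sentence "This field is immutable." appended to `roleRef` states the constraint but not what an operator has to do about it. Suggest the upstream comment also say that pointing a binding at a different role means deleting and recreating the binding, since that is the step people reviewing RBAC changes need to know.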


@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding."
title: "ClusterRole"
weight: 6
weight: 5
auto_generated: true
---


@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "RoleBinding references a role, but does not contain it."
title: "RoleBinding"
weight: 9
weight: 8
auto_generated: true
---
@ -44,7 +44,7 @@ RoleBinding references a role, but does not contain it. It can reference a Role
- **roleRef** (RoleRef), required
RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.
RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.
<a name="RoleRef"></a>
*RoleRef contains information that points to the role being used*


@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding."
title: "Role"
weight: 8
weight: 7
auto_generated: true
---


@ -1,142 +0,0 @@
---
api_metadata:
apiVersion: "authentication.k8s.io/v1alpha1"
import: "k8s.io/api/authentication/v1alpha1"
kind: "SelfSubjectReview"
content_type: "api_reference"
description: "SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request."
title: "SelfSubjectReview v1alpha1"
weight: 5
auto_generated: true
---
<!--
The file is auto-generated from the Go source code of the component using a generic
[generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how
to generate the reference documentation, please read
[Contributing to the reference documentation](/docs/contribute/generate-ref-docs/).
To update the reference content, please follow the
[Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/)
guide. You can file document formatting bugs against the
[reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project.
-->
`apiVersion: authentication.k8s.io/v1alpha1`
`import "k8s.io/api/authentication/v1alpha1"`
## SelfSubjectReview {#SelfSubjectReview}
SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request. When using impersonation, users will receive the user info of the user being impersonated. If impersonation or request header authentication is used, any extra keys will have their case ignored and returned as lowercase.
<hr>
- **apiVersion**: authentication.k8s.io/v1alpha1
- **kind**: SelfSubjectReview
- **metadata** (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta</a>)
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **status** (<a href="{{< ref "../authorization-resources/self-subject-review-v1alpha1#SelfSubjectReviewStatus" >}}">SelfSubjectReviewStatus</a>)
Status is filled in by the server with the user attributes.
## SelfSubjectReviewStatus {#SelfSubjectReviewStatus}
SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user.
<hr>
- **userInfo** (UserInfo)
User attributes of the user making this request.
<a name="UserInfo"></a>
*UserInfo holds the information about the user needed to implement the user.Info interface.*
- **userInfo.extra** (map[string][]string)
Any additional information provided by the authenticator.
- **userInfo.groups** ([]string)
The names of groups this user is a part of.
- **userInfo.uid** (string)
A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs.
- **userInfo.username** (string)
The name that uniquely identifies this user among all active users.
## Operations {#Operations}
<hr>
### `create` create a SelfSubjectReview
#### HTTP Request
POST /apis/authentication.k8s.io/v1alpha1/selfsubjectreviews
#### Parameters
- **body**: <a href="{{< ref "../authorization-resources/self-subject-review-v1alpha1#SelfSubjectReview" >}}">SelfSubjectReview</a>, required
- **dryRun** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#dryRun" >}}">dryRun</a>
- **fieldManager** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#fieldManager" >}}">fieldManager</a>
- **fieldValidation** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#fieldValidation" >}}">fieldValidation</a>
- **pretty** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#pretty" >}}">pretty</a>
#### Response
200 (<a href="{{< ref "../authorization-resources/self-subject-review-v1alpha1#SelfSubjectReview" >}}">SelfSubjectReview</a>): OK
201 (<a href="{{< ref "../authorization-resources/self-subject-review-v1alpha1#SelfSubjectReview" >}}">SelfSubjectReview</a>): Created
202 (<a href="{{< ref "../authorization-resources/self-subject-review-v1alpha1#SelfSubjectReview" >}}">SelfSubjectReview</a>): Accepted
401: Unauthorized
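Review bot: The `ref` shortcodes in this deleted page target `../authorization-resources/self-subject-review-v1alpha1` even though the API group is `authentication.k8s.io`, so the page lived under a different section than the v1beta1 one. Before merging, confirm no remaining page still references `self-subject-review-v1alpha1` under either section, because those references will stop resolving once this file is gone.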


@ -64,6 +64,27 @@ PriorityLevelConfigurationSpec specifies the configuration of a priority level.
`type` indicates whether this priority level is subject to limitation on request execution. A value of `"Exempt"` means that requests of this priority level are not subject to a limit (and thus are never queued) and do not detract from the capacity made available to other priority levels. A value of `"Limited"` means that (a) requests of this priority level _are_ subject to limits and (b) some of the server's limited capacity is made available exclusively to this priority level. Required.
- **exempt** (ExemptPriorityLevelConfiguration)
`exempt` specifies how requests are handled for an exempt priority level. This field MUST be empty if `type` is `"Limited"`. This field MAY be non-empty if `type` is `"Exempt"`. If empty and `type` is `"Exempt"` then the default values for `ExemptPriorityLevelConfiguration` apply.
<a name="ExemptPriorityLevelConfiguration"></a>
*ExemptPriorityLevelConfiguration describes the configurable aspects of the handling of exempt requests. In the mandatory exempt configuration object the values in the fields here can be modified by authorized users, unlike the rest of the `spec`.*
- **exempt.lendablePercent** (int32)
`lendablePercent` prescribes the fraction of the level's NominalCL that can be borrowed by other priority levels. This value of this field must be between 0 and 100, inclusive, and it defaults to 0. The number of seats that other levels can borrow from this level, known as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
- **exempt.nominalConcurrencyShares** (int32)
`nominalConcurrencyShares` (NCS) contributes to the computation of the NominalConcurrencyLimit (NominalCL) of this level. This is the number of execution seats nominally reserved for this priority level. This DOES NOT limit the dispatching from this priority level but affects the other priority levels through the borrowing mechanism. The server's concurrency limit (ServerCL) is divided among all the priority levels in proportion to their NCS values:
NominalCL(i) = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[priority level k] NCS(k)
Bigger numbers mean a larger nominal concurrency limit, at the expense of every other priority level. This field has a default value of zero.
- **limited** (LimitedPriorityLevelConfiguration)
`limited` specifies how requests are handled for a Limited priority level. This field must be non-empty if and only if `type` is `"Limited"`.
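Review bot: In `exempt.lendablePercent` the text says "This value of this field must be between 0 and 100", which should read "The value of this field". In `exempt.nominalConcurrencyShares` the two definitions `NominalCL(i) = ...` and `sum_ncs = ...` share one line with no separator; they read better as two lines in a code block. Both are best fixed in the upstream type comments.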
@ -121,9 +142,9 @@ PriorityLevelConfigurationSpec specifies the configuration of a priority level.
`nominalConcurrencyShares` (NCS) contributes to the computation of the NominalConcurrencyLimit (NominalCL) of this level. This is the number of execution seats available at this priority level. This is used both for requests dispatched from this priority level as well as requests dispatched from other priority levels borrowing seats from this level. The server's concurrency limit (ServerCL) is divided among the Limited priority levels in proportion to their NCS values:
NominalCL(i) = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[limited priority level k] NCS(k)
NominalCL(i) = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[priority level k] NCS(k)
Bigger numbers mean a larger nominal concurrency limit, at the expense of every other Limited priority level. This field has a default value of 30.
Bigger numbers mean a larger nominal concurrency limit, at the expense of every other priority level. This field has a default value of 30.
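Review bot: The formula and the closing sentence now sum over and refer to every priority level, but the unchanged sentence just above still says ServerCL "is divided among the Limited priority levels in proportion to their NCS values". With exempt levels now carrying their own `nominalConcurrencyShares`, that sentence contradicts the updated formula and should be changed to match.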


@ -39,8 +39,6 @@ A label selector is a label query over a set of resources. The result of matchLa
- **matchExpressions.key** (string), required
*Patch strategy: merge on key `key`*
key is the label key that the selector applies to.
- **matchExpressions.operator** (string), required


@ -163,9 +163,52 @@ PersistentVolumeClaimStatus is the current status of a persistent volume claim.
accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
- **allocatedResourceStatuses** (map[string]string)
allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either:
* Un-prefixed keys:
- storage - the capacity of the volume.
* Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.
ClaimResourceStatus can be in any of following states:
- ControllerResizeInProgress:
State set when resize controller starts resizing the volume in control-plane.
- ControllerResizeFailed:
State set when resize has failed in resize controller with a terminal error.
- NodeResizePending:
State set when resize controller has finished resizing the volume but further resizing of
volume is needed on the node.
- NodeResizeInProgress:
State set when kubelet starts resizing the volume.
- NodeResizeFailed:
State set when resizing has failed in kubelet with a terminal error. Transient errors don't set
NodeResizeFailed.
For example: if expanding a PVC for more capacity - this field can be one of the following states:
- pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress"
- pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed"
- pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending"
- pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress"
- pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed"
When this field is not set, it means that no resize operation is in progress for the given PVC.
A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.
This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
- **allocatedResources** (map[string]<a href="{{< ref "../common-definitions/quantity#Quantity" >}}">Quantity</a>)
allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either:
* Un-prefixed keys:
- storage - the capacity of the volume.
* Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.
Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.
A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.
This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
- **capacity** (map[string]<a href="{{< ref "../common-definitions/quantity#Quantity" >}}">Quantity</a>)
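Review bot: The new field is named `allocatedResourceStatuses`, but all five example lines use the singular `pvc.status.allocatedResourceStatus['storage']`. Anyone copying the example path into a JSONPath query or a controller will read a field that does not exist; the examples should use the plural name. The "Un-prefixed keys" list has also lost its nesting, so `storage` reads as a sibling item rather than a child.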
@ -212,10 +255,6 @@ PersistentVolumeClaimStatus is the current status of a persistent volume claim.
phase represents the current phase of PersistentVolumeClaim.
- **resizeStatus** (string)
resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.


@ -852,6 +852,13 @@ PersistentVolumeStatus is the current status of a persistent volume.
<hr>
- **lastPhaseTransitionTime** (Time)
lastPhaseTransitionTime is the time the phase transitioned from one to another and automatically resets to current time everytime a volume phase transitions. This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature.
<a name="Time"></a>
*Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.*
- **message** (string)
message is a human-readable message indicating details about why the volume is in this state.
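Review bot: In the `lastPhaseTransitionTime` description, "everytime a volume phase transitions" should be "every time". If this page is generated, the fix belongs in the upstream field comment.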


@ -529,6 +529,10 @@ JSONSchemaProps is a JSON-Schema following Specification Draft 4 (http://json-sc
are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
non-intersecting keys are appended, retaining their partial order.
- **x-kubernetes-validations.fieldPath** (string)
fieldPath represents the field path returned when the validation fails. It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field. e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo` If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList` It does not support list numeric index. It supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info. Numeric index of array is not supported. For field name which contains special characters, use `['specialName']` to refer the field name. e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']`
- **x-kubernetes-validations.message** (string)
Message represents the message displayed when validation fails. The message is required if the Rule contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host"
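Review bot: The `fieldPath` description states the same restriction twice, as "It does not support list numeric index." and later "Numeric index of array is not supported."; keep one. The sentence ending "could be set to `.testMap.foo`" also runs into "If the validation checks two lists" without a period.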
@ -537,6 +541,10 @@ JSONSchemaProps is a JSON-Schema following Specification Draft 4 (http://json-sc
MessageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a rule, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the rule; the only difference is the return type. Example: "x must be less than max ("+string(self.max)+")"
- **x-kubernetes-validations.reason** (string)
reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. The HTTP status code returned to the caller will match the reason of the reason of the first failed validation rule. The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate". If not set, default to use "FieldValueInvalid". All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid.
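Review bot: The `reason` description contains a duplicated phrase, "will match the reason of the reason of the first failed validation rule"; it should read "will match the reason of the first failed validation rule". "If not set, default to use" would also read better as "If not set, defaults to".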


@ -132,7 +132,7 @@ MutatingWebhookConfiguration describes the configuration of and admission webhoo
- If failurePolicy=Fail, reject the request
- If failurePolicy=Ignore, the error is ignored and the webhook is skipped
This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
<a name="MatchCondition"></a>
*MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.*
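Review bot: The MatchCondition summary in the trailing context still reads "a condition which must by fulfilled"; the ValidatingAdmissionPolicy page in this commit has the corrected "must be fulfilled". Since the feature-gate sentence right above is being updated from alpha to beta anyway, pick up the same correction for this page.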


@ -1,11 +1,11 @@
---
api_metadata:
apiVersion: "admissionregistration.k8s.io/v1alpha1"
import: "k8s.io/api/admissionregistration/v1alpha1"
apiVersion: "admissionregistration.k8s.io/v1beta1"
import: "k8s.io/api/admissionregistration/v1beta1"
kind: "ValidatingAdmissionPolicy"
content_type: "api_reference"
description: "ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it."
title: "ValidatingAdmissionPolicy v1alpha1"
title: "ValidatingAdmissionPolicy v1beta1"
weight: 4
auto_generated: true
---
@ -21,9 +21,9 @@ guide. You can file document formatting bugs against the
[reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project.
-->
`apiVersion: admissionregistration.k8s.io/v1alpha1`
`apiVersion: admissionregistration.k8s.io/v1beta1`
`import "k8s.io/api/admissionregistration/v1alpha1"`
`import "k8s.io/api/admissionregistration/v1beta1"`
## ValidatingAdmissionPolicy {#ValidatingAdmissionPolicy}
@ -32,7 +32,7 @@ ValidatingAdmissionPolicy describes the definition of an admission validation po
<hr>
- **apiVersion**: admissionregistration.k8s.io/v1alpha1
- **apiVersion**: admissionregistration.k8s.io/v1beta1
- **kind**: ValidatingAdmissionPolicy
@ -106,7 +106,7 @@ ValidatingAdmissionPolicy describes the definition of an admission validation po
- If failurePolicy=Ignore, the policy is skipped
<a name="MatchCondition"></a>
**
*MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook.*
- **spec.matchConditions.expression** (string), required
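Review bot: The MatchCondition summary that replaces the empty `**` says the condition must be fulfilled "for a request to be sent to a webhook", but this is the ValidatingAdmissionPolicy page, where no webhook is involved. The text is shared with the webhook types; the upstream comment should be worded so it also fits policies, for example "for a request to be evaluated".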
@ -307,7 +307,9 @@ ValidatingAdmissionPolicy describes the definition of an admission validation po
Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:
- 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
- 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
For example, a variable named 'foo' can be accessed as 'variables.foo'.
- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
request resource.
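Review bot: The variable list, including the new `namespaceObject` and `variables` entries, is emitted as one run-on line with " - " separators, which makes it hard to see which identifiers an expression can reach. Emit each variable as its own list item. The `request` entry also links to `/pkg/apis/admission/types.go#AdmissionRequest`, a source-tree path that will not resolve from the documentation site.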
@ -342,12 +344,33 @@ ValidatingAdmissionPolicy describes the definition of an admission validation po
Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge". If not set, StatusReasonInvalid is used in the response to the client.
- **spec.variables** ([]Variable)
*Patch strategy: merge on key `name`*
*Map: unique values on key name will be kept during a merge*
Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.
The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.
<a name="Variable"></a>
*Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.*
- **spec.variables.expression** (string), required
Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.
- **spec.variables.name** (string), required
Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is "foo", the variable will be available as `variables.foo`
- **status** (ValidatingAdmissionPolicyStatus)
The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.
<a name="ValidatingAdmissionPolicyStatus"></a>
*ValidatingAdmissionPolicyStatus represents the status of a ValidatingAdmissionPolicy.*
*ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.*
- **status.conditions** ([]Condition)
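Review bot: In `spec.variables.name` the sentence "The variable can be accessed in other expressions through `variables` For example, ..." is missing a period after `variables`, and the closing sentence has no final period. The note that variables are not available in MatchConditions is useful; consider repeating it on `spec.matchConditions.expression`, where a policy author would look for it.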
@ -427,7 +450,7 @@ ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- **items** ([]<a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>)
- **items** ([]<a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>)
List of ValidatingAdmissionPolicy.
@ -447,6 +470,10 @@ ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.
ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.
For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.
The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.
<hr>
- **apiVersion** (string)
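Review bot: The first sentence of the ValidatingAdmissionPolicyBinding description still reads "paramerized resources", which should be "parameterized", and "can not affect" in the CEL budget paragraph should be "cannot affect". Since the text says each binding causes N evaluations and each evaluation gets an independent CEL cost budget, it would also help to state outright that the total CEL work for one admission request grows with the number of parameters a binding selects.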
@ -623,18 +650,44 @@ ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with parame
- **spec.paramRef** (ParamRef)
ParamRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied.
paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
<a name="ParamRef"></a>
*ParamRef references a parameter resource*
*ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.*
- **spec.paramRef.name** (string)
Name of the resource being referenced.
name is the name of the resource being referenced.
One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
A single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.
- **spec.paramRef.namespace** (string)
Namespace of the referenced resource. Should be empty for the cluster-scoped resources
namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.
A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.
- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.
- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.
- **spec.paramRef.parameterNotFoundAction** (string)
`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.
Allowed values are `Allow` or `Deny`
Required
- **spec.paramRef.selector** (<a href="{{< ref "../common-definitions/label-selector#LabelSelector" >}}">LabelSelector</a>)
selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.
If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.
One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
- **spec.policyName** (string)
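Review bot: `spec.paramRef.parameterNotFoundAction` ends its description with a bare "Required", but the field heading is "(string)" without the ", required" suffix that `spec.variables.name` carries, so the two disagree on whether the field is mandatory. Make the heading and the description consistent, and add the missing period after "Allowed values are `Allow` or `Deny`". Because `Allow` treats "no matched parameters" as successful validation while `Deny` defers to the policy's `failurePolicy`, the text should also say which one an operator wants when a missing parameter must not let requests through. Separately, "the FailurePolicy of the ValidatingAdmissionPolicy applied" in the `paramRef` description is missing "is".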
@ -683,7 +736,7 @@ ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with parame
#### HTTP Request
GET /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{name}
GET /apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicies/{name}
#### Parameters
@ -702,7 +755,7 @@ GET /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{nam
#### Response
200 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): OK
200 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): OK
401: Unauthorized
@ -711,7 +764,7 @@ GET /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{nam
#### HTTP Request
GET /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{name}/status
GET /apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicies/{name}/status
#### Parameters
@ -730,7 +783,7 @@ GET /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{nam
#### Response
200 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): OK
200 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): OK
401: Unauthorized
@ -739,7 +792,7 @@ GET /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{nam
#### HTTP Request
GET /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies
GET /apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicies
#### Parameters
@ -803,7 +856,7 @@ GET /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies
#### Response
200 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicyList" >}}">ValidatingAdmissionPolicyList</a>): OK
200 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicyList" >}}">ValidatingAdmissionPolicyList</a>): OK
401: Unauthorized
@ -812,12 +865,12 @@ GET /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies
#### HTTP Request
POST /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies
POST /apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicies
#### Parameters
- **body**: <a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>, required
- **body**: <a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>, required
@ -846,11 +899,11 @@ POST /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies
#### Response
200 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): OK
200 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): OK
201 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): Created
201 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): Created
202 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): Accepted
202 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): Accepted
401: Unauthorized
@ -859,7 +912,7 @@ POST /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies
#### HTTP Request
PUT /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{name}
PUT /apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicies/{name}
#### Parameters
@ -869,7 +922,7 @@ PUT /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{nam
name of the ValidatingAdmissionPolicy
- **body**: <a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>, required
- **body**: <a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>, required
@ -898,9 +951,9 @@ PUT /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{nam
#### Response
200 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): OK
200 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): OK
201 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): Created
201 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): Created
401: Unauthorized
@ -909,7 +962,7 @@ PUT /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{nam
#### HTTP Request
PUT /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{name}/status
PUT /apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicies/{name}/status
#### Parameters
@ -919,7 +972,7 @@ PUT /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{nam
name of the ValidatingAdmissionPolicy
- **body**: <a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>, required
- **body**: <a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>, required
@ -948,9 +1001,9 @@ PUT /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{nam
#### Response
200 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): OK
200 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): OK
201 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): Created
201 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): Created
401: Unauthorized
@ -959,7 +1012,7 @@ PUT /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{nam
#### HTTP Request
PATCH /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{name}
PATCH /apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicies/{name}
#### Parameters
@ -1003,9 +1056,9 @@ PATCH /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{n
#### Response
200 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): OK
200 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): OK
201 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): Created
201 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): Created
401: Unauthorized
@ -1014,7 +1067,7 @@ PATCH /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{n
#### HTTP Request
PATCH /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{name}/status
PATCH /apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicies/{name}/status
#### Parameters
@ -1058,9 +1111,9 @@ PATCH /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{n
#### Response
200 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): OK
200 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): OK
201 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1alpha1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): Created
201 (<a href="{{< ref "../extend-resources/validating-admission-policy-v1beta1#ValidatingAdmissionPolicy" >}}">ValidatingAdmissionPolicy</a>): Created
401: Unauthorized
@ -1069,7 +1122,7 @@ PATCH /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{n
#### HTTP Request
DELETE /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{name}
DELETE /apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicies/{name}
#### Parameters
@ -1119,7 +1172,7 @@ DELETE /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies/{
#### HTTP Request
DELETE /apis/admissionregistration.k8s.io/v1alpha1/validatingadmissionpolicies
DELETE /apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicies
#### Parameters

View File

@ -132,7 +132,7 @@ ValidatingWebhookConfiguration describes the configuration of and admission webh
- If failurePolicy=Fail, reject the request
- If failurePolicy=Ignore, the error is ignored and the webhook is skipped
This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
<a name="MatchCondition"></a>
*MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.*
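Review bot: The updated sentence "This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate." does not say whether the gate is on by default, whereas the Job fields in this same change spell that out, for example "(enabled by default)" for `JobPodFailurePolicy`. Add the default state here so readers know whether match conditions are evaluated without any opt-in. The adjacent line "a condition which must by fulfilled" should read "must be fulfilled".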

View File

@ -1,11 +1,11 @@
---
api_metadata:
apiVersion: "admissionregistration.k8s.io/v1alpha1"
import: "k8s.io/api/admissionregistration/v1alpha1"
apiVersion: "admissionregistration.k8s.io/v1beta1"
import: "k8s.io/api/admissionregistration/v1beta1"
kind: "ValidatingAdmissionPolicyBindingList"
content_type: "api_reference"
description: ""
title: "ValidatingAdmissionPolicyBindingList v1alpha1"
title: "ValidatingAdmissionPolicyBindingList v1beta1"
weight: 1
auto_generated: true
---
@ -21,8 +21,8 @@ guide. You can file document formatting bugs against the
[reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project.
-->
`apiVersion: admissionregistration.k8s.io/v1alpha1`
`apiVersion: admissionregistration.k8s.io/v1beta1`
`import "k8s.io/api/admissionregistration/v1alpha1"`
`import "k8s.io/api/admissionregistration/v1beta1"`

View File

@ -46,10 +46,6 @@ NetworkPolicy describes what network traffic is allowed for a set of Pods
spec represents the specification of the desired behavior for this NetworkPolicy.
- **status** (<a href="{{< ref "../policy-resources/network-policy-v1#NetworkPolicyStatus" >}}">NetworkPolicyStatus</a>)
status represents the current state of the NetworkPolicy. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
@ -198,54 +194,6 @@ NetworkPolicySpec provides the specification of a NetworkPolicy
## NetworkPolicyStatus {#NetworkPolicyStatus}
NetworkPolicyStatus describes the current state of the NetworkPolicy.
<hr>
- **conditions** ([]Condition)
*Patch strategy: merge on key `type`*
*Map: unique values on key type will be kept during a merge*
conditions holds an array of metav1.Condition that describe the state of the NetworkPolicy. Current service state
<a name="Condition"></a>
*Condition contains details for one aspect of the current state of this API Resource.*
- **conditions.lastTransitionTime** (Time), required
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
<a name="Time"></a>
*Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.*
- **conditions.message** (string), required
message is a human readable message indicating details about the transition. This may be an empty string.
- **conditions.reason** (string), required
reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
- **conditions.status** (string), required
status of the condition, one of True, False, Unknown.
- **conditions.type** (string), required
type of condition in CamelCase or in foo.example.com/CamelCase.
- **conditions.observedGeneration** (int64)
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
## NetworkPolicyList {#NetworkPolicyList}
NetworkPolicyList is a list of NetworkPolicy objects.
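Review bot: The hunk header (-198,54 +194,6) shows the whole NetworkPolicyStatus section leaving a page whose links point at `network-policy-v1`, and the neighbouring hunks drop the `status` field together with the `/status` get, update and patch operations. The commit message only says "V1.28 api reference multi-pages", so nothing tells a reader that part of a v1 resource is no longer documented. Call the removal out in the change description, so that anyone with clients or RBAC rules that reference the NetworkPolicy status subresource knows to look for it.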
@ -306,39 +254,6 @@ GET /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}
#### Response
200 (<a href="{{< ref "../policy-resources/network-policy-v1#NetworkPolicy" >}}">NetworkPolicy</a>): OK
401: Unauthorized
### `get` read status of the specified NetworkPolicy
#### HTTP Request
GET /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}/status
#### Parameters
- **name** (*in path*): string, required
name of the NetworkPolicy
- **namespace** (*in path*): string, required
<a href="{{< ref "../common-parameters/common-parameters#namespace" >}}">namespace</a>
- **pretty** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#pretty" >}}">pretty</a>
#### Response
@ -574,61 +489,6 @@ PUT /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}
- **dryRun** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#dryRun" >}}">dryRun</a>
- **fieldManager** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#fieldManager" >}}">fieldManager</a>
- **fieldValidation** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#fieldValidation" >}}">fieldValidation</a>
- **pretty** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#pretty" >}}">pretty</a>
#### Response
200 (<a href="{{< ref "../policy-resources/network-policy-v1#NetworkPolicy" >}}">NetworkPolicy</a>): OK
201 (<a href="{{< ref "../policy-resources/network-policy-v1#NetworkPolicy" >}}">NetworkPolicy</a>): Created
401: Unauthorized
### `update` replace status of the specified NetworkPolicy
#### HTTP Request
PUT /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}/status
#### Parameters
- **name** (*in path*): string, required
name of the NetworkPolicy
- **namespace** (*in path*): string, required
<a href="{{< ref "../common-parameters/common-parameters#namespace" >}}">namespace</a>
- **body**: <a href="{{< ref "../policy-resources/network-policy-v1#NetworkPolicy" >}}">NetworkPolicy</a>, required
- **dryRun** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#dryRun" >}}">dryRun</a>
@ -684,66 +544,6 @@ PATCH /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}
- **dryRun** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#dryRun" >}}">dryRun</a>
- **fieldManager** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#fieldManager" >}}">fieldManager</a>
- **fieldValidation** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#fieldValidation" >}}">fieldValidation</a>
- **force** (*in query*): boolean
<a href="{{< ref "../common-parameters/common-parameters#force" >}}">force</a>
- **pretty** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#pretty" >}}">pretty</a>
#### Response
200 (<a href="{{< ref "../policy-resources/network-policy-v1#NetworkPolicy" >}}">NetworkPolicy</a>): OK
201 (<a href="{{< ref "../policy-resources/network-policy-v1#NetworkPolicy" >}}">NetworkPolicy</a>): Created
401: Unauthorized
### `patch` partially update status of the specified NetworkPolicy
#### HTTP Request
PATCH /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}/status
#### Parameters
- **name** (*in path*): string, required
name of the NetworkPolicy
- **namespace** (*in path*): string, required
<a href="{{< ref "../common-parameters/common-parameters#namespace" >}}">namespace</a>
- **body**: <a href="{{< ref "../common-definitions/patch#Patch" >}}">Patch</a>, required
- **dryRun** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#dryRun" >}}">dryRun</a>

View File

@ -149,6 +149,8 @@ EndpointSlice represents a subset of the endpoints that implement a service. For
* Kubernetes-defined prefixed names:
* 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
* 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
* 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.

View File

@ -144,6 +144,8 @@ Endpoints is a collection of endpoints that implement the actual service. Exampl
* Kubernetes-defined prefixed names:
* 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
* 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
* 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.

View File

@ -100,7 +100,16 @@ ServiceSpec describes the attributes that a user creates on a service.
- **ports.appProtocol** (string)
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:
* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).
* Kubernetes-defined prefixed names:
* 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
* 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
* 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
- **type** (string)
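Review bot: "Valid values are either:" introduces three alternatives, so "one of" reads better than "either". If the flat indentation shown here matches the file, the three `kubernetes.io/...` entries also need to be indented under "Kubernetes-defined prefixed names:" to render as a nested list. The same list appears in the two preceding appProtocol hunks, which lack the "used as a hint for implementations" sentence added here; keep the three copies consistent, since that sentence is what tells readers that choosing `kubernetes.io/wss` over `kubernetes.io/ws` describes the traffic rather than enforcing TLS.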
@ -140,7 +149,7 @@ ServiceSpec describes the attributes that a user creates on a service.
- **loadBalancerIP** (string)
Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.
Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. Users are encouraged to use implementation-specific annotations when available.
- **loadBalancerSourceRanges** ([]string)
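Review bot: The rewritten `loadBalancerIP` deprecation text drops both "As of Kubernetes v1.24" and "This field may be removed in a future API version." Without the version, readers cannot tell how long the field has been deprecated, and without the removal sentence the urgency of migrating to implementation-specific annotations is lost. If dropping them is intentional, say so in the change description; otherwise keep the version reference alongside the new "non-portable" wording.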
@ -262,6 +271,10 @@ ServiceStatus represents the current status of a service.
IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers)
- **loadBalancer.ingress.ipMode** (string)
IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified. Setting this to "VIP" indicates that traffic is delivered to the node with the destination set to the load-balancer's IP and port. Setting this to "Proxy" indicates that traffic is delivered to the node or pod with the destination set to the node's IP and node port or the pod's IP and port. Service implementations may use this information to adjust traffic routing.
- **loadBalancer.ingress.ports** ([]PortStatus)
*Atomic: will be replaced during a merge*
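Review bot: The new `loadBalancer.ingress.ipMode` description names the two values, "VIP" and "Proxy", but does not say how an unset value is treated or what stability level the field has, while the Job fields in this same change state their level and feature gate explicitly. Add both, since the value changes where traffic is delivered and operators need to know what they get when the field is absent.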

View File

@ -117,14 +117,14 @@ JobSpec describes how the job execution will look like.
manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
### Alpha level
### Beta level
- **podFailurePolicy** (PodFailurePolicy)
Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.
This field is alpha-level. To use this field, you must enable the `JobPodFailurePolicy` feature gate (disabled by default).
This field is beta-level. It can be used when the `JobPodFailurePolicy` feature gate is enabled (enabled by default).
<a name="PodFailurePolicy"></a>
*PodFailurePolicy describes how failed pods influence the backoffLimit.*
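Review bot: While the stability sentence for `podFailurePolicy` is being updated, the description above it still has "the jobs's .status.failed field", which should be "the job's", and "it allows to specify the set of actions" is missing an object (for example "it allows you to specify"). Fixing them in the same pass keeps the beta-level text clean.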
@ -144,6 +144,10 @@ JobSpec describes how the job execution will look like.
- FailJob: indicates that the pod's job is marked as Failed and all
running pods are terminated.
- FailIndex: indicates that the pod's index is marked as Failed and will
not be restarted.
This value is alpha-level. It can be used when the
`JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).
- Ignore: indicates that the counter towards the .backoffLimit is not
incremented and a replacement pod is created.
- Count: indicates that the pod is handled in the default way - the
@ -196,6 +200,26 @@ JobSpec describes how the job execution will look like.
Restricts the check for exit codes to the container with the specified name. When null, the rule applies to all containers. When specified, it should match one the container or initContainer names in the pod template.
### Alpha level
- **backoffLimitPerIndex** (int32)
Specifies the limit for the number of retries within an index before marking this index as failed. When enabled the number of failures per index is kept in the pod's batch.kubernetes.io/job-index-failure-count annotation. It can only be set when Job's completionMode=Indexed, and the Pod's restart policy is Never. The field is immutable. This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).
- **maxFailedIndexes** (int32)
Specifies the maximal number of failed indexes before marking the Job as failed, when backoffLimitPerIndex is set. Once the number of failed indexes exceeds this number the entire Job is marked as Failed and its execution is terminated. When left as null the job continues execution of all of its indexes and is marked with the `Complete` Job condition. It can only be specified when backoffLimitPerIndex is set. It can be null or up to completions. It is required and must be less than or equal to 10^4 when is completions greater than 10^5. This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).
- **podReplacementPolicy** (string)
podReplacementPolicy specifies when to create replacement Pods. Possible values are: - TerminatingOrFailed means that we recreate pods
when they are terminating (has a metadata.deletionTimestamp) or failed.
- Failed means to wait until a previously created Pod is fully terminated (has phase
Failed or Succeeded) before creating a replacement Pod.
When using podFailurePolicy, Failed is the the only allowed value. TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field.
## JobStatus {#JobStatus}
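Review bot: Several wording and layout problems in the new alpha fields are worth fixing before this ships. In `maxFailedIndexes`, "when is completions greater than 10^5" has the words transposed and should read "when completions is greater than 10^5". In `podReplacementPolicy`, "Failed is the the only allowed value" has a doubled "the", and the value list starts inline ("Possible values are: - TerminatingOrFailed means ...") so the first bullet will not render as a list item. The closing sentence "This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field." also departs from the pattern used by the other two fields ("It can be used when the `...` feature gate is enabled (disabled by default)"); align it so the default state is stated.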
@ -312,6 +336,19 @@ JobStatus represents the current state of a Job.
This field is beta-level. The job controller populates the field when the feature gate JobReadyPods is enabled (enabled by default).
### Alpha level
- **failedIndexes** (string)
FailedIndexes holds the failed indexes when backoffLimitPerIndex=true. The indexes are represented in the text format analogous as for the `completedIndexes` field, ie. they are kept as decimal integers separated by commas. The numbers are listed in increasing order. Three or more consecutive numbers are compressed and represented by the first and last element of the series, separated by a hyphen. For example, if the failed indexes are 1, 3, 4, 5 and 7, they are represented as "1,3-5,7". This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).
- **terminating** (int32)
The number of pods which are terminating (in phase Pending or Running and have a deletionTimestamp).
This field is alpha-level. The job controller populates the field when the feature gate JobPodReplacementPolicy is enabled (disabled by default).
## JobList {#JobList}
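Review bot: `failedIndexes` says it holds the failed indexes "when backoffLimitPerIndex=true", but `backoffLimitPerIndex` is documented in this same change as an int32, so it cannot equal true. Reword to "when backoffLimitPerIndex is set". Also, "ie." should be "i.e.", and "in the text format analogous as for the `completedIndexes` field" would read better as "in the same text format as the `completedIndexes` field".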

View File

@ -430,7 +430,7 @@ PodSpec is a description of a pod.
- **securityContext.seccompProfile.localhostProfile** (string)
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
- **securityContext.seLinuxOptions** (SELinuxOptions)
@ -487,7 +487,7 @@ PodSpec is a description of a pod.
- **securityContext.windowsOptions.hostProcess** (boolean)
HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
- **securityContext.windowsOptions.runAsUserName** (string)
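Review bot: the new hostProcess description drops both "This field is alpha-level" and the WindowsHostProcessContainers feature flag sentence, but does not state what level the field has now. If the gate is gone because the field graduated, a short statement to that effect would help, since this field decides whether a container runs as a host process with HostNetwork and readers will want to know whether it is honored without any gate. The sentence about validation errors is removed too; if validation still rejects mixed HostProcess values, keep a mention of it. The identical change appears in the Container and EphemeralContainer sections.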
@ -536,9 +536,7 @@ PodSpec is a description of a pod.
ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.
The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be \<pod name>-\<resource name>, where \<resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long).
An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed.
The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.
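Review bot: the replacement text for resourceClaimTemplateName removes the paragraph saying that an existing ResourceClaim with the same name that is not owned by the pod will not be used, and nothing in the new wording replaces that guarantee. With the name now carrying "a generated component" a collision is less likely, but the description should still say whether ownership is checked before a claim is bound, or state that it no longer applies. It would also help to say where to find the generated name in one plain sentence, for example "The generated name is recorded in pod.status.resourceClaimStatuses."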
@ -903,6 +901,10 @@ A single application container that you want to run within a pod.
StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- **restartPolicy** (string)
RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
### Security Context
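Review bot: the new restartPolicy description does not state a stability level or feature gate, while the other fields added in this commit (failedIndexes, terminating) do; if this field is gated, add the same kind of sentence here. The wording "it does not wait for the container to complete before proceeding to the next init container" is ambiguous about which container "the container" is; "does not wait for this init container to complete" would match the rest of the paragraph. The last sentence, "immediately after this init container is started, or after any startupProbe has successfully completed", should say that the startupProbe case applies when one is defined.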
@ -971,7 +973,7 @@ A single application container that you want to run within a pod.
- **securityContext.seccompProfile.localhostProfile** (string)
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
- **securityContext.seLinuxOptions** (SELinuxOptions)
@ -1013,7 +1015,7 @@ A single application container that you want to run within a pod.
- **securityContext.windowsOptions.hostProcess** (boolean)
HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
- **securityContext.windowsOptions.runAsUserName** (string)
@ -1284,6 +1286,10 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
- **restartPolicy** (string)
Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
### Debugging
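Review bot: in the EphemeralContainer restartPolicy description the only fact that matters to the reader, "You cannot set this field on ephemeral containers", comes last, after a sentence that describes the field as if it were usable. Suggest leading with the restriction and cutting the first sentence, which is also hard to parse ("Restart policy for the container to manage the restart behavior of each container within a pod").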
@ -1367,7 +1373,7 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi
- **securityContext.seccompProfile.localhostProfile** (string)
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
- **securityContext.seLinuxOptions** (SELinuxOptions)
@ -1409,7 +1415,7 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi
- **securityContext.windowsOptions.hostProcess** (boolean)
HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
- **securityContext.windowsOptions.runAsUserName** (string)
@ -1554,7 +1560,7 @@ LifecycleHandler defines a specific action that should be taken in a lifecycle h
- **httpGet.httpHeaders.name** (string), required
The header field name
The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
- **httpGet.httpHeaders.value** (string), required
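Review bot: the added sentence on httpGet.httpHeaders.name says case-variant names "will be understood as the same header" but does not say what happens when the list contains two entries that differ only by case. Please state whether both values are sent, or which one wins, since these headers can carry values such as Host or Authorization and the result should be predictable from the reference. The same sentence is added in the Probe section and needs the same clarification.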
@ -1826,7 +1832,7 @@ Probe describes a health check to be performed against a container to determine
- **httpGet.httpHeaders.name** (string), required
The header field name
The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
- **httpGet.httpHeaders.value** (string), required
@ -1915,7 +1921,22 @@ PodStatus represents information about the status of a pod. Status may trail the
- **hostIP** (string)
IP address of the host to which the pod is assigned. Empty if not yet scheduled.
hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will not be updated even if there is a node is assigned to pod
- **hostIPs** ([]HostIP)
*Patch strategy: merge on key `ip`*
*Atomic: will be replaced during a merge*
hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must match the hostIP field. This list is empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will not be updated even if there is a node is assigned to this pod.
<a name="HostIP"></a>
*HostIP represents a single IP address allocated to the host.*
- **hostIPs.ip** (string)
IP is the IP address assigned to the host
- **startTime** (Time)
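Review bot: the hostIPs entry carries two conflicting merge annotations, "Patch strategy: merge on key `ip`" and "Atomic: will be replaced during a merge"; the description should make clear which one a client can rely on. The new hostIP and hostIPs sentences also need a grammar pass: "which in turns mean" / "which in turns means" should be "which in turn means", "even if there is a node is assigned to pod" should be "even if a node is assigned to the pod", and the hostIP sentence is missing its final period. Finally, hostIP changes from "Empty if not yet scheduled" to "Empty if the pod has not started yet"; confirm that change of condition is intended, because consumers that use an empty hostIP to mean "unscheduled" will read it differently.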
@ -1942,7 +1963,7 @@ PodStatus represents information about the status of a pod. Status may trail the
- **podIP** (string)
IP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.
podIP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.
- **podIPs** ([]PodIP)
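Review bot: the new podIP line, "podIP address allocated to the pod.", is a fragment that looks like a search-and-replace of "IP" with the field name. The hostIP change in this same file uses "hostIP holds the IP address of the host", so "podIP holds the IP address allocated to the pod" would be consistent and readable.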
@ -1951,13 +1972,11 @@ PodStatus represents information about the status of a pod. Status may trail the
podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list is empty if no IPs have been allocated yet.
<a name="PodIP"></a>
*IP address information for entries in the (plural) PodIPs field. Each entry includes:
IP: An IP address allocated to the pod. Routable at least within the cluster.*
*PodIP represents a single IP address allocated to the pod.*
- **podIPs.ip** (string)
ip is an IP address (IPv4 or IPv6) assigned to the pod
IP is the IP address assigned to the pod
- **conditions** ([]PodCondition)
@ -2023,6 +2042,25 @@ PodStatus represents information about the status of a pod. Status may trail the
<a name="ContainerStatus"></a>
*ContainerStatus contains details for the current status of this container.*
- **resourceClaimStatuses** ([]PodResourceClaimStatus)
*Patch strategies: retainKeys, merge on key `name`*
*Map: unique values on key name will be kept during a merge*
Status of resource claims.
<a name="PodResourceClaimStatus"></a>
*PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim which references a ResourceClaimTemplate. It stores the generated name for the corresponding ResourceClaim.*
- **resourceClaimStatuses.name** (string), required
Name uniquely identifies this resource claim inside the pod. This must match the name of an entry in pod.spec.resourceClaims, which implies that the string must be a DNS_LABEL.
- **resourceClaimStatuses.resourceClaimName** (string)
ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod. It this is unset, then generating a ResourceClaim was not necessary. The pod.spec.resourceClaims entry can be ignored in this case.
- **resize** (string)
Status of resources resize desired for pod's containers. It is empty if no resources resize is pending. Any changes to container resources will automatically set this to "Proposed"
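Review bot: resourceClaimStatuses.resourceClaimName has a typo, "It this is unset" should be "If this is unset". The following sentence, "The pod.spec.resourceClaims entry can be ignored in this case", does not say who may ignore it; name the consumer, or say that no ResourceClaim has to be looked up for that entry. The top-level description "Status of resource claims." is also thin next to the PodResourceClaimStatus text below it; one sentence stating that entries exist only for claims that reference a ResourceClaimTemplate would save readers from inferring it.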