kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #29217 from feloy/api-ref-v122-bis 

API Reference v1.22
pull/27866/head
PI-Victor 2021-08-04 23:03:34 +02:00 committed by GitHub
parent e7c8bb2a6b 02d18a3ce1
commit 7ac9be7598
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
66 changed files with 92300 additions and 708 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -96,4 +96,4 @@ clean-api-reference: ## Clean all directories in API reference directory, preser
api-reference: clean-api-reference ## Build the API reference pages. go needed
cd api-ref-generator/gen-resourcesdocs && \
go run cmd/main.go kwebsite --config-dir config/v1.21/ --file api/v1.21/swagger.json --output-dir ../../content/en/docs/reference/kubernetes-api --templates templates
go run cmd/main.go kwebsite --config-dir ../../api-ref-assets/config/ --file ../../api-ref-assets/api/swagger.json --output-dir ../../content/en/docs/reference/kubernetes-api --templates ../../api-ref-assets/templates

22
README.md
View File

@ -73,23 +73,15 @@ To update the reference pages for a new Kubernetes release (replace v1.20 in the
git submodule update --init --recursive --depth 1
```
2. Create a new API revision into the submodule, and add the Swagger specification:
2. Update the Swagger specification:
```bash
mkdir api-ref-generator/gen-resourcesdocs/api/v1.20
curl 'https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/swagger.json' > api-ref-generator/gen-resourcesdocs/api/v1.20/swagger.json
```
```
curl 'https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/swagger.json' > api-ref-assets/api/swagger.json
```
3. Copy the table of contents and fields configuration for the new release from a previous one:
3. In `api-ref-assets/config/`, adapt the files `toc.yaml` and `fields.yaml` to reflect the changes of the new release.
```bash
mkdir api-ref-generator/gen-resourcesdocs/api/v1.20
cp api-ref-generator/gen-resourcesdocs/api/v1.19/* api-ref-generator/gen-resourcesdocs/api/v1.20/
```
4. Adapt the files `toc.yaml` and `fields.yaml` to reflect the changes between the two releases
5. Next, build the pages:
4. Next, build the pages:
```bash
make api-reference
@ -104,7 +96,7 @@ To update the reference pages for a new Kubernetes release (replace v1.20 in the
In a web browser, go to <http://localhost:1313/docs/reference/kubernetes-api/> to view the API reference.
6. When all changes of the new contract are reflected into the configuration files `toc.yaml` and `fields.yaml`, create a Pull Request with the newly generated API reference pages.
5. When all changes of the new contract are reflected into the configuration files `toc.yaml` and `fields.yaml`, create a Pull Request with the newly generated API reference pages.
## Troubleshooting

90274
api-ref-assets/api/swagger.json Normal file
View File

File diff suppressed because it is too large Load Diff

696
api-ref-assets/config/fields.yaml Normal file
View File

@ -0,0 +1,696 @@
- definition: io.k8s.api.core.v1.PodSpec
field_categories:
- name: Containers
fields:
- containers
- initContainers
- imagePullSecrets
- enableServiceLinks
- name: Volumes
fields:
- volumes
- name: Scheduling
fields:
- nodeSelector
- nodeName
- affinity
- tolerations
- schedulerName
- runtimeClassName
- priorityClassName
- priority
- topologySpreadConstraints
- name: Lifecycle
fields:
- restartPolicy
- terminationGracePeriodSeconds
- activeDeadlineSeconds
- readinessGates
- name: Hostname and Name resolution
fields:
- hostname
- setHostnameAsFQDN
- subdomain
- hostAliases
- dnsConfig
- dnsPolicy
- name: Hosts namespaces
fields:
- hostNetwork
- hostPID
- hostIPC
- shareProcessNamespace
- name: Service account
fields:
- serviceAccountName
- automountServiceAccountToken
- name: Security context
fields:
- securityContext
- name: Beta level
fields:
- preemptionPolicy
- overhead
- name: Alpha level
fields:
- ephemeralContainers
- name: Deprecated
fields:
- serviceAccount
- definition: io.k8s.api.core.v1.PodSecurityContext
field_categories:
- fields:
- runAsUser
- runAsNonRoot
- runAsGroup
- supplementalGroups
- fsGroup
- fsGroupChangePolicy
- seccompProfile
- seLinuxOptions
- sysctls
- windowsOptions
- definition: io.k8s.api.core.v1.Toleration
field_categories:
- fields:
- key
- operator
- value
- effect
- tolerationSeconds
- definition: io.k8s.api.core.v1.PodStatus
field_categories:
- fields:
- nominatedNodeName
- hostIP
- startTime
- phase
- message
- reason
- podIP
- podIPs
- conditions
- qosClass
- initContainerStatuses
- containerStatuses
- ephemeralContainerStatuses
- definition: io.k8s.api.core.v1.Container
field_categories:
- fields:
- name
- name: Image
fields:
- image
- imagePullPolicy
- name: Entrypoint
fields:
- command
- args
- workingDir
- name: Ports
fields:
- ports
- name: Environment variables
fields:
- env
- envFrom
- name: Volumes
fields:
- volumeMounts
- volumeDevices
- name: Resources
fields:
- resources
- name: Lifecycle
fields:
- lifecycle
- terminationMessagePath
- terminationMessagePolicy
- livenessProbe
- readinessProbe
- startupProbe
- name: Security Context
fields:
- securityContext
- name: Debugging
fields:
- stdin
- stdinOnce
- tty
- definition: io.k8s.api.core.v1.Probe
field_categories:
- fields:
- exec
- httpGet
- tcpSocket
- initialDelaySeconds
- terminationGracePeriodSeconds
- periodSeconds
- timeoutSeconds
- failureThreshold
- successThreshold
- definition: io.k8s.api.core.v1.SecurityContext
field_categories:
- fields:
- runAsUser
- runAsNonRoot
- runAsGroup
- readOnlyRootFilesystem
- procMount
- privileged
- allowPrivilegeEscalation
- capabilities
- seccompProfile
- seLinuxOptions
- windowsOptions
- definition: io.k8s.api.core.v1.ContainerStatus
field_categories:
- fields:
- name
- image
- imageID
- containerID
- state
- lastState
- ready
- restartCount
- started
- definition: io.k8s.api.core.v1.ContainerStateTerminated
field_categories:
- fields:
- containerID
- exitCode
- startedAt
- finishedAt
- message
- reason
- signal
- definition: io.k8s.api.core.v1.EphemeralContainer
field_categories:
- fields:
- name
- targetContainerName
- name: Image
fields:
- image
- imagePullPolicy
- name: Entrypoint
fields:
- command
- args
- workingDir
- name: Environment variables
fields:
- env
- envFrom
- name: Volumes
fields:
- volumeMounts
- volumeDevices
- name: Lifecycle
fields:
- terminationMessagePath
- terminationMessagePolicy
- name: Debugging
fields:
- stdin
- stdinOnce
- tty
- name: Not allowed
fields:
- ports
- resources
- lifecycle
- livenessProbe
- readinessProbe
- securityContext
- startupProbe
- definition: io.k8s.api.core.v1.ReplicationControllerSpec
field_categories:
- fields:
- selector
- template
- replicas
- minReadySeconds
- definition: io.k8s.api.core.v1.ReplicationControllerStatus
field_categories:
- fields:
- replicas
- availableReplicas
- readyReplicas
- fullyLabeledReplicas
- conditions
- observedGeneration
- definition: io.k8s.api.apps.v1.ReplicaSetSpec
field_categories:
- fields:
- selector
- template
- replicas
- minReadySeconds
- definition: io.k8s.api.apps.v1.ReplicaSetStatus
field_categories:
- fields:
- replicas
- availableReplicas
- readyReplicas
- fullyLabeledReplicas
- conditions
- observedGeneration
- definition: io.k8s.api.apps.v1.DeploymentSpec
field_categories:
- fields:
- selector
- template
- replicas
- minReadySeconds
- strategy
- revisionHistoryLimit
- progressDeadlineSeconds
- paused
- definition: io.k8s.api.apps.v1.DeploymentStatus
field_categories:
- fields:
- replicas
- availableReplicas
- readyReplicas
- unavailableReplicas
- updatedReplicas
- collisionCount
- conditions
- observedGeneration
- definition: io.k8s.api.apps.v1.DeploymentStrategy
field_categories:
- fields:
- type
- rollingUpdate
- definition: io.k8s.api.apps.v1.StatefulSetSpec
field_categories:
- fields:
- serviceName
- selector
- template
- replicas
- updateStrategy
- podManagementPolicy
- revisionHistoryLimit
- volumeClaimTemplates
- minReadySeconds
- definition: io.k8s.api.apps.v1.StatefulSetUpdateStrategy
field_categories:
- fields:
- type
- rollingUpdate
- definition: io.k8s.api.apps.v1.StatefulSetStatus
field_categories:
- fields:
- replicas
- readyReplicas
- currentReplicas
- updatedReplicas
- availableReplicas
- collisionCount
- conditions
- currentRevision
- updateRevision
- observedGeneration
- definition: io.k8s.api.apps.v1.DaemonSetSpec
field_categories:
- fields:
- selector
- template
- minReadySeconds
- updateStrategy
- revisionHistoryLimit
- definition: io.k8s.api.apps.v1.DaemonSetUpdateStrategy
field_categories:
- fields:
- type
- rollingUpdate
- definition: io.k8s.api.apps.v1.DaemonSetStatus
field_categories:
- fields:
- numberReady
- numberAvailable
- numberUnavailable
- numberMisscheduled
- desiredNumberScheduled
- currentNumberScheduled
- updatedNumberScheduled
- collisionCount
- conditions
- observedGeneration
- definition: io.k8s.api.batch.v1.JobSpec
field_categories:
- name: Replicas
fields:
- template
- parallelism
- name: Lifecycle
fields:
- completions
- completionMode
- backoffLimit
- activeDeadlineSeconds
- ttlSecondsAfterFinished
- suspend
- name: Selector
fields:
- selector
- manualSelector
- definition: io.k8s.api.batch.v1.JobStatus
field_categories:
- fields:
- startTime
- completionTime
- active
- failed
- succeeded
- completedIndexes
- conditions
- uncountedTerminatedPods
- definition: io.k8s.api.batch.v1.CronJobSpec
field_categories:
- fields:
- jobTemplate
- schedule
- concurrencyPolicy
- startingDeadlineSeconds
- suspend
- successfulJobsHistoryLimit
- failedJobsHistoryLimit
- definition: io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscalerSpec
field_categories:
- fields:
- maxReplicas
- scaleTargetRef
- minReplicas
- behavior
- metrics
- definition: io.k8s.api.autoscaling.v2beta2.HPAScalingPolicy
field_categories:
- fields:
- type
- value
- periodSeconds
- definition: io.k8s.api.core.v1.ServiceSpec
field_categories:
- fields:
- selector
- ports
- type
- ipFamilies
- ipFamilyPolicy
- clusterIP
- clusterIPs
- externalIPs
- sessionAffinity
- loadBalancerIP
- loadBalancerSourceRanges
- loadBalancerClass
- externalName
- externalTrafficPolicy
- internalTrafficPolicy
- healthCheckNodePort
- publishNotReadyAddresses
- sessionAffinityConfig
- allocateLoadBalancerNodePorts
- definition: io.k8s.api.core.v1.ServicePort
field_categories:
- fields:
- port
- targetPort
- protocol
- name
- nodePort
- appProtocol
- definition: io.k8s.api.core.v1.EndpointSubset
field_categories:
- fields:
- addresses
- notReadyAddresses
- ports
- definition: io.k8s.api.core.v1.EndpointPort
field_categories:
- fields:
- port
- protocol
- name
- appProtocol
- definition: io.k8s.api.discovery.v1.EndpointPort
field_categories:
- fields:
- port
- protocol
- name
- appProtocol
- definition: io.k8s.api.core.v1.Volume
field_categories:
- fields:
- name
- name: Exposed Persistent volumes
fields:
- persistentVolumeClaim
- name: Projections
fields:
- configMap
- secret
- downwardAPI
- projected
- name: Local / Temporary Directory
fields:
- emptyDir
- hostPath
- name: Persistent volumes
fields:
- awsElasticBlockStore
- azureDisk
- azureFile
- cephfs
- cinder
- csi
- fc
- flexVolume
- flocker
- gcePersistentDisk
- glusterfs
- iscsi
- nfs
- photonPersistentDisk
- portworxVolume
- quobyte
- rbd
- scaleIO
- storageos
- vsphereVolume
- name: Alpha level
fields:
- ephemeral
- name: Deprecated
fields:
- gitRepo
- definition: io.k8s.api.core.v1.ConfigMapVolumeSource
field_categories:
- fields:
- name
- optional
- defaultMode
- items
- definition: io.k8s.api.core.v1.SecretVolumeSource
field_categories:
- fields:
- secretName
- optional
- defaultMode
- items
- definition: io.k8s.api.core.v1.ConfigMapProjection
field_categories:
- fields:
- name
- optional
- items
- definition: io.k8s.api.core.v1.SecretProjection
field_categories:
- fields:
- name
- optional
- items
- definition: io.k8s.api.core.v1.ProjectedVolumeSource
field_categories:
- fields:
- defaultMode
- sources
- definition: io.k8s.api.core.v1.PersistentVolumeClaimSpec
field_categories:
- fields:
- accessModes
- selector
- resources
- volumeName
- storageClassName
- volumeMode
- name: Alpha level
fields:
- dataSource
- dataSourceRef
- definition: io.k8s.api.core.v1.PersistentVolumeSpec
field_categories:
- fields:
- accessModes
- capacity
- claimRef
- mountOptions
- nodeAffinity
- persistentVolumeReclaimPolicy
- storageClassName
- volumeMode
- name: Local
fields:
- hostPath
- local
- name: Persistent volumes
fields:
- awsElasticBlockStore
- azureDisk
- azureFile
- cephfs
- cinder
- csi
- fc
- flexVolume
- flocker
- gcePersistentDisk
- glusterfs
- iscsi
- nfs
- photonPersistentDisk
- portworxVolume
- quobyte
- rbd
- scaleIO
- storageos
- vsphereVolume
- definition: io.k8s.api.rbac.v1.PolicyRule
field_categories:
- fields:
- apiGroups
- resources
- verbs
- resourceNames
- nonResourceURLs
- definition: io.k8s.api.networking.v1.NetworkPolicySpec
field_categories:
- fields:
- podSelector
- policyTypes
- ingress
- egress
- definition: io.k8s.api.networking.v1.NetworkPolicyEgressRule
field_categories:
- fields:
- to
- ports
- definition: io.k8s.api.networking.v1.NetworkPolicyPort
field_categories:
- fields:
- port
- endPort
- protocol
- definition: io.k8s.api.policy.v1beta1.PodSecurityPolicySpec
field_categories:
- fields:
- runAsUser
- runAsGroup
- fsGroup
- supplementalGroups
- seLinux
- readOnlyRootFilesystem
- privileged
- allowPrivilegeEscalation
- defaultAllowPrivilegeEscalation
- allowedCSIDrivers
- allowedCapabilities
- requiredDropCapabilities
- defaultAddCapabilities
- allowedFlexVolumes
- allowedHostPaths
- allowedProcMountTypes
- allowedUnsafeSysctls
- forbiddenSysctls
- hostIPC
- hostNetwork
- hostPID
- hostPorts
- runtimeClass
- volumes
- definition: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
field_categories:
- fields:
- name
- generateName
- namespace
- labels
- annotations
- name: System
fields:
- finalizers
- managedFields
- ownerReferences
- name: Read-only
fields:
- creationTimestamp
- deletionGracePeriodSeconds
- deletionTimestamp
- generation
- resourceVersion
- selfLink
- uid
- name: Ignored
fields:
- clusterName

267
api-ref-assets/config/toc.yaml Normal file
View File

@ -0,0 +1,267 @@
# Copyright 2016 The Kubernetes Authors.
# Copyright 2020 Philippe Martin
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
parts:
- name: Workload Resources
chapters:
- name: Pod
group: ""
version: v1
otherDefinitions:
- PodSpec
- Container
- EphemeralContainer
- Handler
- NodeAffinity
- PodAffinity
- PodAntiAffinity
- Probe
- PodStatus
- PodList
- name: PodTemplate
group: ""
version: v1
- name: ReplicationController
group: ""
version: v1
- name: ReplicaSet
group: apps
version: v1
- name: Deployment
group: apps
version: v1
- name: StatefulSet
group: apps
version: v1
- name: ControllerRevision
group: apps
version: v1
- name: DaemonSet
group: apps
version: v1
- name: Job
group: batch
version: v1
- name: CronJob
group: batch
version: v1
- name: HorizontalPodAutoscaler
group: autoscaling
version: v1
- name: HorizontalPodAutoscaler
group: autoscaling
version: v2beta2
- name: PriorityClass
group: scheduling.k8s.io
version: v1
- name: Service Resources
chapters:
- name: Service
group: ""
version: v1
- name: Endpoints
group: ""
version: v1
- name: EndpointSlice
group: discovery.k8s.io
version: v1
- name: Ingress
group: networking.k8s.io
version: v1
otherDefinitions:
- IngressSpec
- IngressBackend
- IngressStatus
- IngressList
- name: IngressClass
group: networking.k8s.io
version: v1
- name: Config and Storage Resources
chapters:
- name: ConfigMap
group: ""
version: v1
- name: Secret
group: ""
version: v1
- name: Volume
key: io.k8s.api.core.v1.Volume
otherDefinitions:
- DownwardAPIVolumeFile
- KeyToPath
- name: PersistentVolumeClaim
group: ""
version: v1
- name: PersistentVolume
group: ""
version: v1
- name: StorageClass
group: storage.k8s.io
version: v1
- name: VolumeAttachment
group: storage.k8s.io
version: v1
- name: CSIDriver
group: storage.k8s.io
version: v1
- name: CSINode
group: storage.k8s.io
version: v1
- name: CSIStorageCapacity
group: storage.k8s.io
version: v1beta1
- name: Authentication Resources
chapters:
- name: ServiceAccount
group: ""
version: v1
- name: TokenRequest
group: authentication.k8s.io
version: v1
- name: TokenReview
group: authentication.k8s.io
version: v1
- name: CertificateSigningRequest
group: certificates.k8s.io
version: v1
- name: Authorization Resources
chapters:
- name: LocalSubjectAccessReview
group: authorization.k8s.io
version: v1
- name: SelfSubjectAccessReview
group: authorization.k8s.io
version: v1
- name: SelfSubjectRulesReview
group: authorization.k8s.io
version: v1
- name: SubjectAccessReview
group: authorization.k8s.io
version: v1
- name: ClusterRole
group: rbac.authorization.k8s.io
version: v1
- name: ClusterRoleBinding
group: rbac.authorization.k8s.io
version: v1
- name: Role
group: rbac.authorization.k8s.io
version: v1
- name: RoleBinding
group: rbac.authorization.k8s.io
version: v1
- name: Policy Resources
chapters:
- name: LimitRange
group: ""
version: v1
- name: ResourceQuota
group: ""
version: v1
- name: NetworkPolicy
group: networking.k8s.io
version: v1
- name: PodDisruptionBudget
group: policy
version: v1
- name: PodSecurityPolicy
group: policy
version: v1beta1
- name: Extend Resources
chapters:
- name: CustomResourceDefinition
group: apiextensions.k8s.io
version: v1
otherDefinitions:
- CustomResourceDefinitionSpec
- JSONSchemaProps
- CustomResourceDefinitionStatus
- CustomResourceDefinitionList
- name: MutatingWebhookConfiguration
group: admissionregistration.k8s.io
version: v1
- name: ValidatingWebhookConfiguration
group: admissionregistration.k8s.io
version: v1
- name: Cluster Resources
chapters:
- name: Node
group: ""
version: v1
- name: Namespace
group: ""
version: v1
- name: Event
group: events.k8s.io
version: v1
- name: APIService
group: apiregistration.k8s.io
version: v1
- name: Lease
group: coordination.k8s.io
version: v1
- name: RuntimeClass
group: node.k8s.io
version: v1
- name: FlowSchema
group: flowcontrol.apiserver.k8s.io
version: v1beta1
- name: PriorityLevelConfiguration
group: flowcontrol.apiserver.k8s.io
version: v1beta1
- name: Binding
group: ""
version: v1
- name: ComponentStatus
group: ""
version: v1
- name: Common Definitions
chapters:
- name: DeleteOptions
key: io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions
- name: LabelSelector
key: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
- name: ListMeta
key: io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta
- name: LocalObjectReference
key: io.k8s.api.core.v1.LocalObjectReference
- name: NodeSelectorRequirement
key: io.k8s.api.core.v1.NodeSelectorRequirement
- name: ObjectFieldSelector
key: io.k8s.api.core.v1.ObjectFieldSelector
- name: ObjectMeta
key: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
- name: ObjectReference
key: io.k8s.api.core.v1.ObjectReference
- name: Patch
key: io.k8s.apimachinery.pkg.apis.meta.v1.Patch
- name: Quantity
key: "io.k8s.apimachinery.pkg.api.resource.Quantity"
- name: ResourceFieldSelector
key: io.k8s.api.core.v1.ResourceFieldSelector
- name: Status
key: io.k8s.apimachinery.pkg.apis.meta.v1.Status
- name: TypedLocalObjectReference
key: io.k8s.api.core.v1.TypedLocalObjectReference
skippedResources:
- APIGroup
- APIGroupList
- APIResourceList
- APIVersions
- Eviction
- Scale
- Status
- StorageVersion
- StorageVersionList

83
api-ref-assets/templates/chapter-single-definition.tmpl Normal file
View File

@ -0,0 +1,83 @@
---
api_metadata:
apiVersion: "{{.ApiVersion}}"
import: "{{.Import}}"
kind: "{{.Kind}}"
content_type: "api_reference"
description: "{{.Metadata.Description}}"
title: "{{.Metadata.Title}}"
weight: {{.Metadata.Weight}}
auto_generated: true
---
<!--
The file is auto-generated from the Go source code of the component using a generic
[generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how
to generate the reference documentation, please read
[Contributing to the reference documentation](/docs/contribute/generate-ref-docs/).
To update the reference content, please follow the
[Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/)
guide. You can file document formatting bugs against the
[reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project.
-->
{{if .ApiVersion}}`apiVersion: {{.ApiVersion}}`{{end}}
{{if .Import}}`import "{{.Import}}"`{{end}}
{{range .Sections}}
{{.Description | replace "<" "\\<" }}
<hr>
{{range .Fields}}
{{ "" | indent .Indent | indent .Indent}}- {{.Name}}{{if .Value}}: {{.Value}}{{end}}
{{if .Description}}
{{.Description | replace "<" "\\<" | indent 2 | indent .Indent | indent .Indent}}
{{- end}}
{{if .TypeDefinition}}
{{ "" | indent .Indent | indent .Indent}} <a name="{{.Type}}"></a>
{{.TypeDefinition | indent 2 | indent .Indent | indent .Indent}}
{{end}}
{{- end}}{{/* range .Fields */}}
{{range .FieldCategories}}
### {{.Name}} {#{{"-" | regexReplaceAll "[^a-zA-Z0-9]+" .Name }}}{{/* explicitly set fragment to keep capitalization */}}
{{range .Fields}}
{{ "" | indent .Indent | indent .Indent}}- {{.Name}}{{if .Value}}: {{.Value}}{{end}}
{{if .Description}}
{{.Description | replace "<" "\\<" | indent 2 | indent .Indent | indent .Indent}}
{{- end}}
{{if .TypeDefinition}}
{{ "" | indent .Indent | indent .Indent}} <a name="{{.Type}}"></a>
{{.TypeDefinition | indent 2 | indent .Indent | indent .Indent}}
{{end}}
{{- end}}{{/* range .Fields */}}
{{- end}}{{/* range .FieldCategories */}}
{{range .Operations}}
### `{{.Verb}}` {{.Title}}
#### HTTP Request
{{.RequestMethod}} {{.RequestPath}}
#### Parameters
{{range .Parameters}}
- {{.Title}}
{{.Description | indent 2}}
{{end}}{{/* range .Parameters */}}
#### Response
{{range .Responses}}
{{.Code}}{{if .Type}} ({{.Type}}){{end}}: {{.Description}}
{{end}}{{/* range .Responses */}}
{{- end}}{{/* range .Operations */}}
{{- end}}{{/* range .Sections */}}

85
api-ref-assets/templates/chapter.tmpl Normal file
View File

@ -0,0 +1,85 @@
---
api_metadata:
apiVersion: "{{.ApiVersion}}"
import: "{{.Import}}"
kind: "{{.Kind}}"
content_type: "api_reference"
description: "{{.Metadata.Description}}"
title: "{{.Metadata.Title}}"
weight: {{.Metadata.Weight}}
auto_generated: true
---
<!--
The file is auto-generated from the Go source code of the component using a generic
[generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how
to generate the reference documentation, please read
[Contributing to the reference documentation](/docs/contribute/generate-ref-docs/).
To update the reference content, please follow the
[Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/)
guide. You can file document formatting bugs against the
[reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project.
-->
{{if .ApiVersion}}`apiVersion: {{.ApiVersion}}`{{end}}
{{if .Import}}`import "{{.Import}}"`{{end}}
{{range .Sections}}
## {{.Name}} {#{{"-" | regexReplaceAll "[^a-zA-Z0-9]+" .Name }}}{{/* explicitly set fragment to keep capitalization */}}
{{.Description | replace "<" "\\<" }}
<hr>
{{range .Fields}}
{{ "" | indent .Indent | indent .Indent}}- {{.Name}}{{if .Value}}: {{.Value}}{{end}}
{{if .Description}}
{{.Description | replace "<" "\\<" | indent 2 | indent .Indent | indent .Indent}}
{{- end}}
{{if .TypeDefinition}}
{{ "" | indent .Indent | indent .Indent}} <a name="{{.Type}}"></a>
{{.TypeDefinition | indent 2 | indent .Indent | indent .Indent}}
{{end}}
{{- end}}{{/* range .Fields */}}
{{range .FieldCategories}}
### {{.Name}}
{{range .Fields}}
{{ "" | indent .Indent | indent .Indent}}- {{.Name}}{{if .Value}}: {{.Value}}{{end}}
{{if .Description}}
{{.Description | replace "<" "\\<" | indent 2 | indent .Indent | indent .Indent}}
{{- end}}
{{if .TypeDefinition}}
{{ "" | indent .Indent | indent .Indent}} <a name="{{.Type}}"></a>
{{.TypeDefinition | indent 2 | indent .Indent | indent .Indent}}
{{end}}
{{- end}}{{/* range .Fields */}}
{{- end}}{{/* range .FieldCategories */}}
{{range .Operations}}
### `{{.Verb}}` {{.Title}}
#### HTTP Request
{{.RequestMethod}} {{.RequestPath}}
#### Parameters
{{range .Parameters}}
- {{.Title}}
{{.Description | indent 2}}
{{end}}{{/* range .Parameters */}}
#### Response
{{range .Responses}}
{{.Code}}{{if .Type}} ({{.Type}}){{end}}: {{.Description}}
{{end}}{{/* range .Responses */}}
{{- end}}{{/* range .Operations */}}
{{- end}}{{/* range .Sections */}}

17
api-ref-assets/templates/part-index.tmpl Normal file
View File

@ -0,0 +1,17 @@
---
title: "{{.Title}}"
weight: {{.Weight}}
auto_generated: true
---
<!--
The file is auto-generated from the Go source code of the component using a generic
[generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how
to generate the reference documentation, please read
[Contributing to the reference documentation](/docs/contribute/generate-ref-docs/).
To update the reference content, please follow the
[Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/)
guide. You can file document formatting bugs against the
[reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project.
-->

25
content/en/docs/reference/kubernetes-api/authentication-resources/certificate-signing-request-v1.md
View File

@ -49,7 +49,7 @@ This API can be used to request client certificates to authenticate to kube-apis
- **spec** (<a href="{{< ref "../authentication-resources/certificate-signing-request-v1#CertificateSigningRequestSpec" >}}">CertificateSigningRequestSpec</a>), required
spec contains the certificate request, and is immutable after creation. Only the request, signerName, and usages fields can be set on creation. Other fields are derived by Kubernetes and cannot be modified by users.
spec contains the certificate request, and is immutable after creation. Only the request, signerName, expirationSeconds, and usages fields can be set on creation. Other fields are derived by Kubernetes and cannot be modified by users.
- **status** (<a href="{{< ref "../authentication-resources/certificate-signing-request-v1#CertificateSigningRequestStatus" >}}">CertificateSigningRequestStatus</a>)
@ -95,6 +95,23 @@ CertificateSigningRequestSpec contains the certificate request.
5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
6. Whether or not requests for CA certificates are allowed.
- **expirationSeconds** (int32)
expirationSeconds is the requested duration of validity of the issued certificate. The certificate signer may issue a certificate with a different validity duration so a client must check the delta between the notBefore and and notAfter fields in the issued certificate to determine the actual duration.
The v1.22+ in-tree implementations of the well-known Kubernetes signers will honor this field as long as the requested duration is not greater than the maximum duration they will honor per the --cluster-signing-duration CLI flag to the Kubernetes controller manager.
Certificate signers may not honor this field for various reasons:
1. Old signer that is unaware of the field (such as the in-tree
implementations prior to v1.22)
2. Signer whose configured maximum is shorter than the requested duration
3. Signer whose configured minimum is longer than the requested duration
The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
As of v1.22, this field is beta and is controlled via the CSRDuration feature gate.
- **extra** (map[string][]string)
extra contains extra attributes of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
@ -630,6 +647,8 @@ PATCH /apis/certificates.k8s.io/v1/certificatesigningrequests/{name}
200 (<a href="{{< ref "../authentication-resources/certificate-signing-request-v1#CertificateSigningRequest" >}}">CertificateSigningRequest</a>): OK
201 (<a href="{{< ref "../authentication-resources/certificate-signing-request-v1#CertificateSigningRequest" >}}">CertificateSigningRequest</a>): Created
401: Unauthorized
@ -678,6 +697,8 @@ PATCH /apis/certificates.k8s.io/v1/certificatesigningrequests/{name}/approval
200 (<a href="{{< ref "../authentication-resources/certificate-signing-request-v1#CertificateSigningRequest" >}}">CertificateSigningRequest</a>): OK
201 (<a href="{{< ref "../authentication-resources/certificate-signing-request-v1#CertificateSigningRequest" >}}">CertificateSigningRequest</a>): Created
401: Unauthorized
@ -726,6 +747,8 @@ PATCH /apis/certificates.k8s.io/v1/certificatesigningrequests/{name}/status
200 (<a href="{{< ref "../authentication-resources/certificate-signing-request-v1#CertificateSigningRequest" >}}">CertificateSigningRequest</a>): OK
201 (<a href="{{< ref "../authentication-resources/certificate-signing-request-v1#CertificateSigningRequest" >}}">CertificateSigningRequest</a>): Created
401: Unauthorized

2
content/en/docs/reference/kubernetes-api/authentication-resources/service-account-v1.md
View File

@ -416,6 +416,8 @@ PATCH /api/v1/namespaces/{namespace}/serviceaccounts/{name}
200 (<a href="{{< ref "../authentication-resources/service-account-v1#ServiceAccount" >}}">ServiceAccount</a>): OK
201 (<a href="{{< ref "../authentication-resources/service-account-v1#ServiceAccount" >}}">ServiceAccount</a>): Created
401: Unauthorized

3
content/en/docs/reference/kubernetes-api/authentication-resources/token-request-v1.md
View File

@ -40,12 +40,15 @@ TokenRequest requests a token for a given service account.
- **metadata** (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta</a>)
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (<a href="{{< ref "../authentication-resources/token-request-v1#TokenRequestSpec" >}}">TokenRequestSpec</a>), required
Spec holds information about the request being evaluated
- **status** (<a href="{{< ref "../authentication-resources/token-request-v1#TokenRequestStatus" >}}">TokenRequestStatus</a>)
Status is filled in by the server and indicates whether the token can be authenticated.

1
content/en/docs/reference/kubernetes-api/authentication-resources/token-review-v1.md
View File

@ -40,6 +40,7 @@ TokenReview attempts to authenticate a token to a known user. Note: TokenReview
- **metadata** (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta</a>)
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (<a href="{{< ref "../authentication-resources/token-review-v1#TokenReviewSpec" >}}">TokenReviewSpec</a>), required

2
content/en/docs/reference/kubernetes-api/authorization-resources/cluster-role-binding-v1.md
View File

@ -351,6 +351,8 @@ PATCH /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/{name}
200 (<a href="{{< ref "../authorization-resources/cluster-role-binding-v1#ClusterRoleBinding" >}}">ClusterRoleBinding</a>): OK
201 (<a href="{{< ref "../authorization-resources/cluster-role-binding-v1#ClusterRoleBinding" >}}">ClusterRoleBinding</a>): Created
401: Unauthorized

6
content/en/docs/reference/kubernetes-api/authorization-resources/cluster-role-v1.md
View File

@ -66,11 +66,11 @@ ClusterRole is a cluster level, logical grouping of PolicyRules that can be refe
- **rules.resources** ([]string)
Resources is a list of resources this rule applies to. ResourceAll represents all resources.
Resources is a list of resources this rule applies to. '*' represents all resources.
- **rules.verbs** ([]string), required
Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. '*' represents all verbs.
- **rules.resourceNames** ([]string)
@ -347,6 +347,8 @@ PATCH /apis/rbac.authorization.k8s.io/v1/clusterroles/{name}
200 (<a href="{{< ref "../authorization-resources/cluster-role-v1#ClusterRole" >}}">ClusterRole</a>): OK
201 (<a href="{{< ref "../authorization-resources/cluster-role-v1#ClusterRole" >}}">ClusterRole</a>): Created
401: Unauthorized

1
content/en/docs/reference/kubernetes-api/authorization-resources/local-subject-access-review-v1.md
View File

@ -40,6 +40,7 @@ LocalSubjectAccessReview checks whether or not a user or group can perform an ac
- **metadata** (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta</a>)
Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (<a href="{{< ref "../authorization-resources/subject-access-review-v1#SubjectAccessReviewSpec" >}}">SubjectAccessReviewSpec</a>), required

2
content/en/docs/reference/kubernetes-api/authorization-resources/role-binding-v1.md
View File

@ -444,6 +444,8 @@ PATCH /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{na
200 (<a href="{{< ref "../authorization-resources/role-binding-v1#RoleBinding" >}}">RoleBinding</a>): OK
201 (<a href="{{< ref "../authorization-resources/role-binding-v1#RoleBinding" >}}">RoleBinding</a>): Created
401: Unauthorized

6
content/en/docs/reference/kubernetes-api/authorization-resources/role-v1.md
View File

@ -55,11 +55,11 @@ Role is a namespaced, logical grouping of PolicyRules that can be referenced as
- **rules.resources** ([]string)
Resources is a list of resources this rule applies to. ResourceAll represents all resources.
Resources is a list of resources this rule applies to. '*' represents all resources.
- **rules.verbs** ([]string), required
Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. '*' represents all verbs.
- **rules.resourceNames** ([]string)
@ -429,6 +429,8 @@ PATCH /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles/{name}
200 (<a href="{{< ref "../authorization-resources/role-v1#Role" >}}">Role</a>): OK
201 (<a href="{{< ref "../authorization-resources/role-v1#Role" >}}">Role</a>): Created
401: Unauthorized

1
content/en/docs/reference/kubernetes-api/authorization-resources/self-subject-access-review-v1.md
View File

@ -40,6 +40,7 @@ SelfSubjectAccessReview checks whether or the current user can perform an action
- **metadata** (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta</a>)
Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (<a href="{{< ref "../authorization-resources/self-subject-access-review-v1#SelfSubjectAccessReviewSpec" >}}">SelfSubjectAccessReviewSpec</a>), required

3
content/en/docs/reference/kubernetes-api/authorization-resources/self-subject-rules-review-v1.md
View File

@ -40,6 +40,7 @@ SelfSubjectRulesReview enumerates the set of actions the current user can perfor
- **metadata** (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta</a>)
Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (<a href="{{< ref "../authorization-resources/self-subject-rules-review-v1#SelfSubjectRulesReviewSpec" >}}">SelfSubjectRulesReviewSpec</a>), required
@ -105,7 +106,7 @@ SelfSubjectRulesReview enumerates the set of actions the current user can perfor
## SelfSubjectRulesReviewSpec {#SelfSubjectRulesReviewSpec}
SelfSubjectRulesReviewSpec defines the specification for SelfSubjectRulesReview.
<hr>

1
content/en/docs/reference/kubernetes-api/authorization-resources/subject-access-review-v1.md
View File

@ -40,6 +40,7 @@ SubjectAccessReview checks whether or not a user or group can perform an action.
- **metadata** (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta</a>)
Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (<a href="{{< ref "../authorization-resources/subject-access-review-v1#SubjectAccessReviewSpec" >}}">SubjectAccessReviewSpec</a>), required

7
content/en/docs/reference/kubernetes-api/cluster-resources/api-service-v1.md
View File

@ -40,6 +40,7 @@ APIService represents a server for a particular GroupVersion. Name must be "vers
- **metadata** (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta</a>)
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (<a href="{{< ref "../cluster-resources/api-service-v1#APIServiceSpec" >}}">APIServiceSpec</a>)
@ -166,9 +167,11 @@ APIServiceList is a list of APIService objects.
- **metadata** (<a href="{{< ref "../common-definitions/list-meta#ListMeta" >}}">ListMeta</a>)
Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **items** ([]<a href="{{< ref "../cluster-resources/api-service-v1#APIService" >}}">APIService</a>), required
Items is the list of APIService
@ -486,6 +489,8 @@ PATCH /apis/apiregistration.k8s.io/v1/apiservices/{name}
200 (<a href="{{< ref "../cluster-resources/api-service-v1#APIService" >}}">APIService</a>): OK
201 (<a href="{{< ref "../cluster-resources/api-service-v1#APIService" >}}">APIService</a>): Created
401: Unauthorized
@ -534,6 +539,8 @@ PATCH /apis/apiregistration.k8s.io/v1/apiservices/{name}/status
200 (<a href="{{< ref "../cluster-resources/api-service-v1#APIService" >}}">APIService</a>): OK
201 (<a href="{{< ref "../cluster-resources/api-service-v1#APIService" >}}">APIService</a>): Created
401: Unauthorized

2
content/en/docs/reference/kubernetes-api/cluster-resources/event-v1.md
View File

@ -492,6 +492,8 @@ PATCH /apis/events.k8s.io/v1/namespaces/{namespace}/events/{name}
200 (<a href="{{< ref "../cluster-resources/event-v1#Event" >}}">Event</a>): OK
201 (<a href="{{< ref "../cluster-resources/event-v1#Event" >}}">Event</a>): Created
401: Unauthorized

9
content/en/docs/reference/kubernetes-api/cluster-resources/flow-schema-v1beta1.md
View File

@ -106,10 +106,11 @@ FlowSchemaSpec describes how the FlowSchema's specification looks like.
- **rules.subjects.kind** (string), required
Required
`kind` indicates which one of the other fields is non-empty. Required
- **rules.subjects.group** (GroupSubject)
`group` matches based on user group name.
<a name="GroupSubject"></a>
*GroupSubject holds detailed information for group-kind subject.*
@ -120,6 +121,7 @@ FlowSchemaSpec describes how the FlowSchema's specification looks like.
- **rules.subjects.serviceAccount** (ServiceAccountSubject)
`serviceAccount` matches ServiceAccounts.
<a name="ServiceAccountSubject"></a>
*ServiceAccountSubject holds detailed information for service-account-kind subject.*
@ -134,6 +136,7 @@ FlowSchemaSpec describes how the FlowSchema's specification looks like.
- **rules.subjects.user** (UserSubject)
`user` matches based on username.
<a name="UserSubject"></a>
*UserSubject holds detailed information for user-kind subject.*
@ -588,6 +591,8 @@ PATCH /apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas/{name}
200 (<a href="{{< ref "../cluster-resources/flow-schema-v1beta1#FlowSchema" >}}">FlowSchema</a>): OK
201 (<a href="{{< ref "../cluster-resources/flow-schema-v1beta1#FlowSchema" >}}">FlowSchema</a>): Created
401: Unauthorized
@ -636,6 +641,8 @@ PATCH /apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas/{name}/status
200 (<a href="{{< ref "../cluster-resources/flow-schema-v1beta1#FlowSchema" >}}">FlowSchema</a>): OK
201 (<a href="{{< ref "../cluster-resources/flow-schema-v1beta1#FlowSchema" >}}">FlowSchema</a>): Created
401: Unauthorized

2
content/en/docs/reference/kubernetes-api/cluster-resources/lease-v1.md
View File

@ -442,6 +442,8 @@ PATCH /apis/coordination.k8s.io/v1/namespaces/{namespace}/leases/{name}
200 (<a href="{{< ref "../cluster-resources/lease-v1#Lease" >}}">Lease</a>): OK
201 (<a href="{{< ref "../cluster-resources/lease-v1#Lease" >}}">Lease</a>): Created
401: Unauthorized

4
content/en/docs/reference/kubernetes-api/cluster-resources/namespace-v1.md
View File

@ -492,6 +492,8 @@ PATCH /api/v1/namespaces/{name}
200 (<a href="{{< ref "../cluster-resources/namespace-v1#Namespace" >}}">Namespace</a>): OK
201 (<a href="{{< ref "../cluster-resources/namespace-v1#Namespace" >}}">Namespace</a>): Created
401: Unauthorized
@ -540,6 +542,8 @@ PATCH /api/v1/namespaces/{name}/status
200 (<a href="{{< ref "../cluster-resources/namespace-v1#Namespace" >}}">Namespace</a>): OK
201 (<a href="{{< ref "../cluster-resources/namespace-v1#Namespace" >}}">Namespace</a>): Created
401: Unauthorized

24
content/en/docs/reference/kubernetes-api/cluster-resources/node-v1.md
View File

@ -62,17 +62,17 @@ NodeSpec describes the attributes that a node is created with.
- **configSource** (NodeConfigSource)
If specified, the source to get node configuration from The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field
Deprecated. If specified, the source of the node's configuration. The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field. This field is deprecated as of 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
<a name="NodeConfigSource"></a>
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.*
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22*
- **configSource.configMap** (ConfigMapNodeConfigSource)
ConfigMap is a reference to a Node's ConfigMap
<a name="ConfigMapNodeConfigSource"></a>
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.*
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration*
- **configSource.configMap.kubeletConfigKey** (string), required
@ -226,14 +226,14 @@ NodeStatus is information about the current status of a node.
Active reports the checkpointed config the node is actively using. Active will represent either the current version of the Assigned config, or the current LastKnownGood config, depending on whether attempting to use the Assigned config results in an error.
<a name="NodeConfigSource"></a>
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.*
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22*
- **config.active.configMap** (ConfigMapNodeConfigSource)
ConfigMap is a reference to a Node's ConfigMap
<a name="ConfigMapNodeConfigSource"></a>
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.*
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration*
- **config.active.configMap.kubeletConfigKey** (string), required
@ -260,14 +260,14 @@ NodeStatus is information about the current status of a node.
Assigned reports the checkpointed config the node will try to use. When Node.Spec.ConfigSource is updated, the node checkpoints the associated config payload to local disk, along with a record indicating intended config. The node refers to this record to choose its config checkpoint, and reports this record in Assigned. Assigned only updates in the status after the record has been checkpointed to disk. When the Kubelet is restarted, it tries to make the Assigned config the Active config by loading and validating the checkpointed payload identified by Assigned.
<a name="NodeConfigSource"></a>
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.*
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22*
- **config.assigned.configMap** (ConfigMapNodeConfigSource)
ConfigMap is a reference to a Node's ConfigMap
<a name="ConfigMapNodeConfigSource"></a>
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.*
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration*
- **config.assigned.configMap.kubeletConfigKey** (string), required
@ -298,14 +298,14 @@ NodeStatus is information about the current status of a node.
LastKnownGood reports the checkpointed config the node will fall back to when it encounters an error attempting to use the Assigned config. The Assigned config becomes the LastKnownGood config when the node determines that the Assigned config is stable and correct. This is currently implemented as a 10-minute soak period starting when the local record of Assigned config is updated. If the Assigned config is Active at the end of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, because the local default config is always assumed good. You should not make assumptions about the node's method of determining config stability and correctness, as this may change or become configurable in the future.
<a name="NodeConfigSource"></a>
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.*
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22*
- **config.lastKnownGood.configMap** (ConfigMapNodeConfigSource)
ConfigMap is a reference to a Node's ConfigMap
<a name="ConfigMapNodeConfigSource"></a>
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.*
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration*
- **config.lastKnownGood.configMap.kubeletConfigKey** (string), required
@ -352,7 +352,7 @@ NodeStatus is information about the current status of a node.
<a name="ContainerImage"></a>
*Describe a container image*
- **images.names** ([]string), required
- **images.names** ([]string)
Names by which this image is known. e.g. ["k8s.gcr.io/hyperkube:v1.0.7", "dockerhub.io/google_containers/hyperkube:v1.0.7"]
@ -770,6 +770,8 @@ PATCH /api/v1/nodes/{name}
200 (<a href="{{< ref "../cluster-resources/node-v1#Node" >}}">Node</a>): OK
201 (<a href="{{< ref "../cluster-resources/node-v1#Node" >}}">Node</a>): Created
401: Unauthorized
@ -818,6 +820,8 @@ PATCH /api/v1/nodes/{name}/status
200 (<a href="{{< ref "../cluster-resources/node-v1#Node" >}}">Node</a>): OK
201 (<a href="{{< ref "../cluster-resources/node-v1#Node" >}}">Node</a>): Created
401: Unauthorized

4
content/en/docs/reference/kubernetes-api/cluster-resources/priority-level-configuration-v1beta1.md
View File

@ -493,6 +493,8 @@ PATCH /apis/flowcontrol.apiserver.k8s.io/v1beta1/prioritylevelconfigurations/{na
200 (<a href="{{< ref "../cluster-resources/priority-level-configuration-v1beta1#PriorityLevelConfiguration" >}}">PriorityLevelConfiguration</a>): OK
201 (<a href="{{< ref "../cluster-resources/priority-level-configuration-v1beta1#PriorityLevelConfiguration" >}}">PriorityLevelConfiguration</a>): Created
401: Unauthorized
@ -541,6 +543,8 @@ PATCH /apis/flowcontrol.apiserver.k8s.io/v1beta1/prioritylevelconfigurations/{na
200 (<a href="{{< ref "../cluster-resources/priority-level-configuration-v1beta1#PriorityLevelConfiguration" >}}">PriorityLevelConfiguration</a>): OK
201 (<a href="{{< ref "../cluster-resources/priority-level-configuration-v1beta1#PriorityLevelConfiguration" >}}">PriorityLevelConfiguration</a>): Created
401: Unauthorized

2
content/en/docs/reference/kubernetes-api/cluster-resources/runtime-class-v1.md
View File

@ -366,6 +366,8 @@ PATCH /apis/node.k8s.io/v1/runtimeclasses/{name}
200 (<a href="{{< ref "../cluster-resources/runtime-class-v1#RuntimeClass" >}}">RuntimeClass</a>): OK
201 (<a href="{{< ref "../cluster-resources/runtime-class-v1#RuntimeClass" >}}">RuntimeClass</a>): Created
401: Unauthorized

4
content/en/docs/reference/kubernetes-api/common-definitions/object-meta.md
View File

@ -99,6 +99,10 @@ ObjectMeta is metadata that all persisted resources must have, which includes al
Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.
- **managedFields.subresource** (string)
Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.
- **managedFields.time** (Time)
Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

2
content/en/docs/reference/kubernetes-api/common-parameters/common-parameters.md
View File

@ -28,7 +28,7 @@ guide. You can file document formatting bugs against the
## allowWatchBookmarks {#allowWatchBookmarks}
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
<hr>

2
content/en/docs/reference/kubernetes-api/config-and-storage-resources/config-map-v1.md
View File

@ -414,6 +414,8 @@ PATCH /api/v1/namespaces/{namespace}/configmaps/{name}
200 (<a href="{{< ref "../config-and-storage-resources/config-map-v1#ConfigMap" >}}">ConfigMap</a>): OK
201 (<a href="{{< ref "../config-and-storage-resources/config-map-v1#ConfigMap" >}}">ConfigMap</a>): Created
401: Unauthorized

10
content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md
View File

@ -64,9 +64,11 @@ CSIDriverSpec is the specification of a CSIDriver.
- **fsGroupPolicy** (string)
Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Refer to the specific FSGroupPolicy values for additional details. This field is alpha-level, and is only honored by servers that enable the CSIVolumeFSGroupPolicy feature gate.
Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Refer to the specific FSGroupPolicy values for additional details. This field is beta, and is only honored by servers that enable the CSIVolumeFSGroupPolicy feature gate.
This field is immutable.
Defaults to ReadWriteOnceWithFSType, which will examine each volume to determine if Kubernetes should modify ownership and permissions of the volume. With the default policy the defined fsGroup will only be applied if a fstype is defined and the volume's access mode contains ReadWriteOnce.
- **podInfoOnMount** (boolean)
@ -82,8 +84,6 @@ CSIDriverSpec is the specification of a CSIDriver.
RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.
Note: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.
This is a beta feature and only available when the CSIServiceAccountToken feature is enabled.
- **storageCapacity** (boolean)
@ -110,8 +110,6 @@ CSIDriverSpec is the specification of a CSIDriver.
}
Note: Audience in each TokenRequest should be different and at most one token is empty string. To receive a new token after expiry, RequiresRepublish can be used to trigger NodePublishVolume periodically.
This is a beta feature and only available when the CSIServiceAccountToken feature is enabled.
<a name="TokenRequest"></a>
*TokenRequest contains parameters of a service account token.*
@ -399,6 +397,8 @@ PATCH /apis/storage.k8s.io/v1/csidrivers/{name}
200 (<a href="{{< ref "../config-and-storage-resources/csi-driver-v1#CSIDriver" >}}">CSIDriver</a>): OK
201 (<a href="{{< ref "../config-and-storage-resources/csi-driver-v1#CSIDriver" >}}">CSIDriver</a>): Created
401: Unauthorized

2
content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-node-v1.md
View File

@ -355,6 +355,8 @@ PATCH /apis/storage.k8s.io/v1/csinodes/{name}
200 (<a href="{{< ref "../config-and-storage-resources/csi-node-v1#CSINode" >}}">CSINode</a>): OK
201 (<a href="{{< ref "../config-and-storage-resources/csi-node-v1#CSINode" >}}">CSINode</a>): Created
401: Unauthorized

2
content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-storage-capacity-v1beta1.md
View File

@ -436,6 +436,8 @@ PATCH /apis/storage.k8s.io/v1beta1/namespaces/{namespace}/csistoragecapacities/{
200 (<a href="{{< ref "../config-and-storage-resources/csi-storage-capacity-v1beta1#CSIStorageCapacity" >}}">CSIStorageCapacity</a>): OK
201 (<a href="{{< ref "../config-and-storage-resources/csi-storage-capacity-v1beta1#CSIStorageCapacity" >}}">CSIStorageCapacity</a>): Created
401: Unauthorized

15
content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1.md
View File

@ -102,7 +102,16 @@ PersistentVolumeClaimSpec describes the common attributes of storage devices and
- **dataSource** (<a href="{{< ref "../common-definitions/typed-local-object-reference#TypedLocalObjectReference" >}}">TypedLocalObjectReference</a>)
This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.
This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.
- **dataSourceRef** (<a href="{{< ref "../common-definitions/typed-local-object-reference#TypedLocalObjectReference" >}}">TypedLocalObjectReference</a>)
Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef
allows any non-core object, as well as PersistentVolumeClaim objects.
* While DataSource ignores disallowed values (dropping them), DataSourceRef
preserves all values, and generates an error if a disallowed value is
specified.
(Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
@ -604,6 +613,8 @@ PATCH /api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}
200 (<a href="{{< ref "../config-and-storage-resources/persistent-volume-claim-v1#PersistentVolumeClaim" >}}">PersistentVolumeClaim</a>): OK
201 (<a href="{{< ref "../config-and-storage-resources/persistent-volume-claim-v1#PersistentVolumeClaim" >}}">PersistentVolumeClaim</a>): Created
401: Unauthorized
@ -657,6 +668,8 @@ PATCH /api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}/status
200 (<a href="{{< ref "../config-and-storage-resources/persistent-volume-claim-v1#PersistentVolumeClaim" >}}">PersistentVolumeClaim</a>): OK
201 (<a href="{{< ref "../config-and-storage-resources/persistent-volume-claim-v1#PersistentVolumeClaim" >}}">PersistentVolumeClaim</a>): Created
401: Unauthorized

4
content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1.md
View File

@ -1189,6 +1189,8 @@ PATCH /api/v1/persistentvolumes/{name}
200 (<a href="{{< ref "../config-and-storage-resources/persistent-volume-v1#PersistentVolume" >}}">PersistentVolume</a>): OK
201 (<a href="{{< ref "../config-and-storage-resources/persistent-volume-v1#PersistentVolume" >}}">PersistentVolume</a>): Created
401: Unauthorized
@ -1237,6 +1239,8 @@ PATCH /api/v1/persistentvolumes/{name}/status
200 (<a href="{{< ref "../config-and-storage-resources/persistent-volume-v1#PersistentVolume" >}}">PersistentVolume</a>): OK
201 (<a href="{{< ref "../config-and-storage-resources/persistent-volume-v1#PersistentVolume" >}}">PersistentVolume</a>): Created
401: Unauthorized

2
content/en/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1.md
View File

@ -418,6 +418,8 @@ PATCH /api/v1/namespaces/{namespace}/secrets/{name}
200 (<a href="{{< ref "../config-and-storage-resources/secret-v1#Secret" >}}">Secret</a>): OK
201 (<a href="{{< ref "../config-and-storage-resources/secret-v1#Secret" >}}">Secret</a>): Created
401: Unauthorized

4
content/en/docs/reference/kubernetes-api/config-and-storage-resources/storage-class-v1.md
View File

@ -54,6 +54,8 @@ StorageClasses are non-namespaced; the name of the storage class according to et
- **allowedTopologies** ([]TopologySelectorTerm)
*Atomic: will be replaced during a merge*
Restrict the node topologies where volumes can be dynamically provisioned. Each volume plugin defines its own supported topology specifications. An empty TopologySelectorTerm list means there is no topology restriction. This field is only honored by servers that enable the VolumeScheduling feature.
<a name="TopologySelectorTerm"></a>
@ -357,6 +359,8 @@ PATCH /apis/storage.k8s.io/v1/storageclasses/{name}
200 (<a href="{{< ref "../config-and-storage-resources/storage-class-v1#StorageClass" >}}">StorageClass</a>): OK
201 (<a href="{{< ref "../config-and-storage-resources/storage-class-v1#StorageClass" >}}">StorageClass</a>): Created
401: Unauthorized

4
content/en/docs/reference/kubernetes-api/config-and-storage-resources/volume-attachment-v1.md
View File

@ -479,6 +479,8 @@ PATCH /apis/storage.k8s.io/v1/volumeattachments/{name}
200 (<a href="{{< ref "../config-and-storage-resources/volume-attachment-v1#VolumeAttachment" >}}">VolumeAttachment</a>): OK
201 (<a href="{{< ref "../config-and-storage-resources/volume-attachment-v1#VolumeAttachment" >}}">VolumeAttachment</a>): Created
401: Unauthorized
@ -527,6 +529,8 @@ PATCH /apis/storage.k8s.io/v1/volumeattachments/{name}/status
200 (<a href="{{< ref "../config-and-storage-resources/volume-attachment-v1#VolumeAttachment" >}}">VolumeAttachment</a>): OK
201 (<a href="{{< ref "../config-and-storage-resources/volume-attachment-v1#VolumeAttachment" >}}">VolumeAttachment</a>): Created
401: Unauthorized

6
content/en/docs/reference/kubernetes-api/extend-resources/custom-resource-definition-v1.md
View File

@ -40,6 +40,7 @@ CustomResourceDefinition represents a resource that should be exposed on the API
- **metadata** (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta</a>)
Standard object's metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (<a href="{{< ref "../extend-resources/custom-resource-definition-v1#CustomResourceDefinitionSpec" >}}">CustomResourceDefinitionSpec</a>), required
@ -590,6 +591,7 @@ CustomResourceDefinitionList is a list of CustomResourceDefinition objects.
- **metadata** (<a href="{{< ref "../common-definitions/list-meta#ListMeta" >}}">ListMeta</a>)
Standard object's metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
@ -907,6 +909,8 @@ PATCH /apis/apiextensions.k8s.io/v1/customresourcedefinitions/{name}
200 (<a href="{{< ref "../extend-resources/custom-resource-definition-v1#CustomResourceDefinition" >}}">CustomResourceDefinition</a>): OK
201 (<a href="{{< ref "../extend-resources/custom-resource-definition-v1#CustomResourceDefinition" >}}">CustomResourceDefinition</a>): Created
401: Unauthorized
@ -955,6 +959,8 @@ PATCH /apis/apiextensions.k8s.io/v1/customresourcedefinitions/{name}/status
200 (<a href="{{< ref "../extend-resources/custom-resource-definition-v1#CustomResourceDefinition" >}}">CustomResourceDefinition</a>): OK
201 (<a href="{{< ref "../extend-resources/custom-resource-definition-v1#CustomResourceDefinition" >}}">CustomResourceDefinition</a>): Created
401: Unauthorized

2
content/en/docs/reference/kubernetes-api/extend-resources/mutating-webhook-configuration-v1.md
View File

@ -479,6 +479,8 @@ PATCH /apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/{name}
200 (<a href="{{< ref "../extend-resources/mutating-webhook-configuration-v1#MutatingWebhookConfiguration" >}}">MutatingWebhookConfiguration</a>): OK
201 (<a href="{{< ref "../extend-resources/mutating-webhook-configuration-v1#MutatingWebhookConfiguration" >}}">MutatingWebhookConfiguration</a>): Created
401: Unauthorized

2
content/en/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1.md
View File

@ -469,6 +469,8 @@ PATCH /apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/{nam
200 (<a href="{{< ref "../extend-resources/validating-webhook-configuration-v1#ValidatingWebhookConfiguration" >}}">ValidatingWebhookConfiguration</a>): OK
201 (<a href="{{< ref "../extend-resources/validating-webhook-configuration-v1#ValidatingWebhookConfiguration" >}}">ValidatingWebhookConfiguration</a>): Created
401: Unauthorized

2
content/en/docs/reference/kubernetes-api/policy-resources/limit-range-v1.md
View File

@ -447,6 +447,8 @@ PATCH /api/v1/namespaces/{namespace}/limitranges/{name}
200 (<a href="{{< ref "../policy-resources/limit-range-v1#LimitRange" >}}">LimitRange</a>): OK
201 (<a href="{{< ref "../policy-resources/limit-range-v1#LimitRange" >}}">LimitRange</a>): Created
401: Unauthorized

6
content/en/docs/reference/kubernetes-api/policy-resources/network-policy-v1.md
View File

@ -121,7 +121,7 @@ NetworkPolicySpec provides the specification of a NetworkPolicy
- **ingress.ports.endPort** (int32)
If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. This feature is in Alpha state and should be enabled using the Feature Gate "NetworkPolicyEndPort".
If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. This feature is in Beta state and is enabled by default. It can be disabled using the Feature Gate "NetworkPolicyEndPort".
- **ingress.ports.protocol** (string)
@ -184,7 +184,7 @@ NetworkPolicySpec provides the specification of a NetworkPolicy
- **egress.ports.endPort** (int32)
If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. This feature is in Alpha state and should be enabled using the Feature Gate "NetworkPolicyEndPort".
If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. This feature is in Beta state and is enabled by default. It can be disabled using the Feature Gate "NetworkPolicyEndPort".
- **egress.ports.protocol** (string)
@ -550,6 +550,8 @@ PATCH /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}
200 (<a href="{{< ref "../policy-resources/network-policy-v1#NetworkPolicy" >}}">NetworkPolicy</a>): OK
201 (<a href="{{< ref "../policy-resources/network-policy-v1#NetworkPolicy" >}}">NetworkPolicy</a>): Created
401: Unauthorized

4
content/en/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1.md
View File

@ -604,6 +604,8 @@ PATCH /apis/policy/v1/namespaces/{namespace}/poddisruptionbudgets/{name}
200 (<a href="{{< ref "../policy-resources/pod-disruption-budget-v1#PodDisruptionBudget" >}}">PodDisruptionBudget</a>): OK
201 (<a href="{{< ref "../policy-resources/pod-disruption-budget-v1#PodDisruptionBudget" >}}">PodDisruptionBudget</a>): Created
401: Unauthorized
@ -657,6 +659,8 @@ PATCH /apis/policy/v1/namespaces/{namespace}/poddisruptionbudgets/{name}/status
200 (<a href="{{< ref "../policy-resources/pod-disruption-budget-v1#PodDisruptionBudget" >}}">PodDisruptionBudget</a>): OK
201 (<a href="{{< ref "../policy-resources/pod-disruption-budget-v1#PodDisruptionBudget" >}}">PodDisruptionBudget</a>): Created
401: Unauthorized

2
content/en/docs/reference/kubernetes-api/policy-resources/pod-security-policy-v1beta1.md
View File

@ -590,6 +590,8 @@ PATCH /apis/policy/v1beta1/podsecuritypolicies/{name}
200 (<a href="{{< ref "../policy-resources/pod-security-policy-v1beta1#PodSecurityPolicy" >}}">PodSecurityPolicy</a>): OK
201 (<a href="{{< ref "../policy-resources/pod-security-policy-v1beta1#PodSecurityPolicy" >}}">PodSecurityPolicy</a>): Created
401: Unauthorized

4
content/en/docs/reference/kubernetes-api/policy-resources/resource-quota-v1.md
View File

@ -555,6 +555,8 @@ PATCH /api/v1/namespaces/{namespace}/resourcequotas/{name}
200 (<a href="{{< ref "../policy-resources/resource-quota-v1#ResourceQuota" >}}">ResourceQuota</a>): OK
201 (<a href="{{< ref "../policy-resources/resource-quota-v1#ResourceQuota" >}}">ResourceQuota</a>): Created
401: Unauthorized
@ -608,6 +610,8 @@ PATCH /api/v1/namespaces/{namespace}/resourcequotas/{name}/status
200 (<a href="{{< ref "../policy-resources/resource-quota-v1#ResourceQuota" >}}">ResourceQuota</a>): OK
201 (<a href="{{< ref "../policy-resources/resource-quota-v1#ResourceQuota" >}}">ResourceQuota</a>): Created
401: Unauthorized

2
content/en/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1.md
View File

@ -505,6 +505,8 @@ PATCH /apis/discovery.k8s.io/v1/namespaces/{namespace}/endpointslices/{name}
200 (<a href="{{< ref "../service-resources/endpoint-slice-v1#EndpointSlice" >}}">EndpointSlice</a>): OK
201 (<a href="{{< ref "../service-resources/endpoint-slice-v1#EndpointSlice" >}}">EndpointSlice</a>): Created
401: Unauthorized

4
content/en/docs/reference/kubernetes-api/service-resources/endpoints-v1.md
View File

@ -134,7 +134,7 @@ Endpoints is a collection of endpoints that implement the actual service. Exampl
- **subsets.ports.appProtocol** (string)
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. This is a beta field that is guarded by the ServiceAppProtocol feature gate and enabled by default.
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
@ -496,6 +496,8 @@ PATCH /api/v1/namespaces/{namespace}/endpoints/{name}
200 (<a href="{{< ref "../service-resources/endpoints-v1#Endpoints" >}}">Endpoints</a>): OK
201 (<a href="{{< ref "../service-resources/endpoints-v1#Endpoints" >}}">Endpoints</a>): Created
401: Unauthorized

2
content/en/docs/reference/kubernetes-api/service-resources/ingress-class-v1.md
View File

@ -354,6 +354,8 @@ PATCH /apis/networking.k8s.io/v1/ingressclasses/{name}
200 (<a href="{{< ref "../service-resources/ingress-class-v1#IngressClass" >}}">IngressClass</a>): OK
201 (<a href="{{< ref "../service-resources/ingress-class-v1#IngressClass" >}}">IngressClass</a>): Created
401: Unauthorized

14
content/en/docs/reference/kubernetes-api/service-resources/ingress-v1.md
View File

@ -107,11 +107,7 @@ IngressSpec describes the Ingress the user wishes to exist.
Backend defines the referenced service endpoint to which the traffic will be forwarded to.
- **rules.http.paths.path** (string)
Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. When unspecified, all paths from incoming requests are matched.
- **rules.http.paths.pathType** (string)
- **rules.http.paths.pathType** (string), required
PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is
done on a path element by element basis. A path element refers is the
@ -125,6 +121,10 @@ IngressSpec describes the Ingress the user wishes to exist.
or treat it identically to Prefix or Exact path types.
Implementations are required to support all path types.
- **rules.http.paths.path** (string)
Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value "Exact" or "Prefix".
- **tls** ([]IngressTLS)
*Atomic: will be replaced during a merge*
@ -685,6 +685,8 @@ PATCH /apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses/{name}
200 (<a href="{{< ref "../service-resources/ingress-v1#Ingress" >}}">Ingress</a>): OK
201 (<a href="{{< ref "../service-resources/ingress-v1#Ingress" >}}">Ingress</a>): Created
401: Unauthorized
@ -738,6 +740,8 @@ PATCH /apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses/{name}/status
200 (<a href="{{< ref "../service-resources/ingress-v1#Ingress" >}}">Ingress</a>): OK
201 (<a href="{{< ref "../service-resources/ingress-v1#Ingress" >}}">Ingress</a>): Created
401: Unauthorized

16
content/en/docs/reference/kubernetes-api/service-resources/service-v1.md
View File

@ -96,11 +96,11 @@ ServiceSpec describes the attributes that a user creates on a service.
- **ports.nodePort** (int32)
The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
- **ports.appProtocol** (string)
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. This is a beta field that is guarded by the ServiceAppProtocol feature gate and enabled by default.
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
- **type** (string)
@ -144,7 +144,7 @@ ServiceSpec describes the attributes that a user creates on a service.
- **loadBalancerSourceRanges** ([]string)
If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
- **loadBalancerClass** (string)
@ -188,13 +188,9 @@ ServiceSpec describes the attributes that a user creates on a service.
timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && \<=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).
- **topologyKeys** ([]string)
topologyKeys is a preference-order list of topology keys which implementations of services should use to preferentially sort endpoints when accessing this Service, it can not be used at the same time as externalTrafficPolicy=Local. Topology keys must be valid label keys and at most 16 keys may be specified. Endpoints are chosen based on the first topology key with available backends. If this field is specified and all entries have no backends that match the topology of the client, the service has no backends for that client and connections should fail. The special value "*" may be used to mean "any topology". This catch-all value, if used, only makes sense as the last value in the list. If this is not specified or empty, no topology constraints will be applied. This field is alpha-level and is only honored by servers that enable the ServiceTopology feature. This field is deprecated and will be removed in a future version.
- **allocateLoadBalancerNodePorts** (boolean)
allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. allocateLoadBalancerNodePorts may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is alpha-level and is only honored by servers that enable the ServiceLBNodePortControl feature.
allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is beta-level and is only honored by servers that enable the ServiceLBNodePortControl feature.
@ -733,6 +729,8 @@ PATCH /api/v1/namespaces/{namespace}/services/{name}
200 (<a href="{{< ref "../service-resources/service-v1#Service" >}}">Service</a>): OK
201 (<a href="{{< ref "../service-resources/service-v1#Service" >}}">Service</a>): Created
401: Unauthorized
@ -786,6 +784,8 @@ PATCH /api/v1/namespaces/{namespace}/services/{name}/status
200 (<a href="{{< ref "../service-resources/service-v1#Service" >}}">Service</a>): OK
201 (<a href="{{< ref "../service-resources/service-v1#Service" >}}">Service</a>): Created
401: Unauthorized

4
content/en/docs/reference/kubernetes-api/workload-resources/controller-revision-v1.md
View File

@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "ControllerRevision implements an immutable snapshot of state data."
title: "ControllerRevision"
weight: 8
weight: 7
auto_generated: true
---
@ -440,6 +440,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/controllerrevisions/{name}
200 (<a href="{{< ref "../workload-resources/controller-revision-v1#ControllerRevision" >}}">ControllerRevision</a>): OK
201 (<a href="{{< ref "../workload-resources/controller-revision-v1#ControllerRevision" >}}">ControllerRevision</a>): Created
401: Unauthorized

6
content/en/docs/reference/kubernetes-api/workload-resources/cron-job-v1.md
View File

@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "CronJob represents the configuration of a single cron job."
title: "CronJob"
weight: 11
weight: 10
auto_generated: true
---
@ -572,6 +572,8 @@ PATCH /apis/batch/v1/namespaces/{namespace}/cronjobs/{name}
200 (<a href="{{< ref "../workload-resources/cron-job-v1#CronJob" >}}">CronJob</a>): OK
201 (<a href="{{< ref "../workload-resources/cron-job-v1#CronJob" >}}">CronJob</a>): Created
401: Unauthorized
@ -625,6 +627,8 @@ PATCH /apis/batch/v1/namespaces/{namespace}/cronjobs/{name}/status
200 (<a href="{{< ref "../workload-resources/cron-job-v1#CronJob" >}}">CronJob</a>): OK
201 (<a href="{{< ref "../workload-resources/cron-job-v1#CronJob" >}}">CronJob</a>): Created
401: Unauthorized

10
content/en/docs/reference/kubernetes-api/workload-resources/daemon-set-v1.md
View File

@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "DaemonSet represents the configuration of a daemon set."
title: "DaemonSet"
weight: 9
weight: 8
auto_generated: true
---
@ -92,14 +92,14 @@ DaemonSetSpec is the specification of a daemon set.
- **updateStrategy.rollingUpdate.maxSurge** (IntOrString)
The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption. This is an alpha field and requires enabling DaemonSetUpdateSurge feature gate.
The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption. This is beta field and enabled/disabled by DaemonSetUpdateSurge feature gate.
<a name="IntOrString"></a>
*IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number.*
- **updateStrategy.rollingUpdate.maxUnavailable** (IntOrString)
The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding down to a minimum of one. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.
The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.
<a name="IntOrString"></a>
*IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number.*
@ -629,6 +629,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/daemonsets/{name}
200 (<a href="{{< ref "../workload-resources/daemon-set-v1#DaemonSet" >}}">DaemonSet</a>): OK
201 (<a href="{{< ref "../workload-resources/daemon-set-v1#DaemonSet" >}}">DaemonSet</a>): Created
401: Unauthorized
@ -682,6 +684,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/daemonsets/{name}/status
200 (<a href="{{< ref "../workload-resources/daemon-set-v1#DaemonSet" >}}">DaemonSet</a>): OK
201 (<a href="{{< ref "../workload-resources/daemon-set-v1#DaemonSet" >}}">DaemonSet</a>): Created
401: Unauthorized

8
content/en/docs/reference/kubernetes-api/workload-resources/deployment-v1.md
View File

@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "Deployment enables declarative updates for Pods and ReplicaSets."
title: "Deployment"
weight: 6
weight: 5
auto_generated: true
---
@ -40,7 +40,7 @@ Deployment enables declarative updates for Pods and ReplicaSets.
- **metadata** (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta</a>)
Standard object metadata.
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (<a href="{{< ref "../workload-resources/deployment-v1#DeploymentSpec" >}}">DeploymentSpec</a>)
@ -642,6 +642,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/deployments/{name}
200 (<a href="{{< ref "../workload-resources/deployment-v1#Deployment" >}}">Deployment</a>): OK
201 (<a href="{{< ref "../workload-resources/deployment-v1#Deployment" >}}">Deployment</a>): Created
401: Unauthorized
@ -695,6 +697,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/deployments/{name}/status
200 (<a href="{{< ref "../workload-resources/deployment-v1#Deployment" >}}">Deployment</a>): OK
201 (<a href="{{< ref "../workload-resources/deployment-v1#Deployment" >}}">Deployment</a>): Created
401: Unauthorized

621
content/en/docs/reference/kubernetes-api/workload-resources/ephemeral-containers-v1.md
View File

@ -1,621 +0,0 @@
---
api_metadata:
apiVersion: "v1"
import: "k8s.io/api/core/v1"
kind: "EphemeralContainers"
content_type: "api_reference"
description: "A list of ephemeral containers used with the Pod ephemeralcontainers subresource."
title: "EphemeralContainers"
weight: 2
auto_generated: true
---
<!--
The file is auto-generated from the Go source code of the component using a generic
[generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how
to generate the reference documentation, please read
[Contributing to the reference documentation](/docs/contribute/generate-ref-docs/).
To update the reference content, please follow the
[Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/)
guide. You can file document formatting bugs against the
[reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project.
-->
`apiVersion: v1`
`import "k8s.io/api/core/v1"`
## EphemeralContainers {#EphemeralContainers}
A list of ephemeral containers used with the Pod ephemeralcontainers subresource.
<hr>
- **apiVersion**: v1
- **kind**: EphemeralContainers
- **metadata** (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta</a>)
- **ephemeralContainers** ([]<a href="{{< ref "../workload-resources/ephemeral-containers-v1#EphemeralContainer" >}}">EphemeralContainer</a>), required
*Patch strategy: merge on key `name`*
A list of ephemeral containers associated with this pod. New ephemeral containers may be appended to this list, but existing ephemeral containers may not be removed or modified.
## EphemeralContainer {#EphemeralContainer}
An EphemeralContainer is a container that may be added temporarily to an existing pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a pod is removed or restarted. If an ephemeral container causes a pod to exceed its resource allocation, the pod may be evicted. Ephemeral containers may not be added by directly updating the pod spec. They must be added via the pod's ephemeralcontainers subresource, and they will appear in the pod spec once added. This is an alpha feature enabled by the EphemeralContainers feature flag.
<hr>
- **name** (string), required
Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.
- **targetContainerName** (string)
If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.
### Image
- **image** (string)
Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
- **imagePullPolicy** (string)
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
### Entrypoint
- **command** ([]string)
Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- **args** ([]string)
Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- **workingDir** (string)
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
### Environment variables
- **env** ([]EnvVar)
*Patch strategy: merge on key `name`*
List of environment variables to set in the container. Cannot be updated.
<a name="EnvVar"></a>
*EnvVar represents an environment variable present in a Container.*
- **env.name** (string), required
Name of the environment variable. Must be a C_IDENTIFIER.
- **env.value** (string)
Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
- **env.valueFrom** (EnvVarSource)
Source for the environment variable's value. Cannot be used if value is not empty.
<a name="EnvVarSource"></a>
*EnvVarSource represents a source for the value of an EnvVar.*
- **env.valueFrom.configMapKeyRef** (ConfigMapKeySelector)
Selects a key of a ConfigMap.
<a name="ConfigMapKeySelector"></a>
*Selects a key from a ConfigMap.*
- **env.valueFrom.configMapKeyRef.key** (string), required
The key to select.
- **env.valueFrom.configMapKeyRef.name** (string)
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- **env.valueFrom.configMapKeyRef.optional** (boolean)
Specify whether the ConfigMap or its key must be defined
- **env.valueFrom.fieldRef** (<a href="{{< ref "../common-definitions/object-field-selector#ObjectFieldSelector" >}}">ObjectFieldSelector</a>)
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\<KEY>']`, `metadata.annotations['\<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- **env.valueFrom.resourceFieldRef** (<a href="{{< ref "../common-definitions/resource-field-selector#ResourceFieldSelector" >}}">ResourceFieldSelector</a>)
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- **env.valueFrom.secretKeyRef** (SecretKeySelector)
Selects a key of a secret in the pod's namespace
<a name="SecretKeySelector"></a>
*SecretKeySelector selects a key of a Secret.*
- **env.valueFrom.secretKeyRef.key** (string), required
The key of the secret to select from. Must be a valid secret key.
- **env.valueFrom.secretKeyRef.name** (string)
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- **env.valueFrom.secretKeyRef.optional** (boolean)
Specify whether the Secret or its key must be defined
- **envFrom** ([]EnvFromSource)
List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
<a name="EnvFromSource"></a>
*EnvFromSource represents the source of a set of ConfigMaps*
- **envFrom.configMapRef** (ConfigMapEnvSource)
The ConfigMap to select from
<a name="ConfigMapEnvSource"></a>
*ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.*
- **envFrom.configMapRef.name** (string)
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- **envFrom.configMapRef.optional** (boolean)
Specify whether the ConfigMap must be defined
- **envFrom.prefix** (string)
An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
- **envFrom.secretRef** (SecretEnvSource)
The Secret to select from
<a name="SecretEnvSource"></a>
*SecretEnvSource selects a Secret to populate the environment variables with.
The contents of the target Secret's Data field will represent the key-value pairs as environment variables.*
- **envFrom.secretRef.name** (string)
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- **envFrom.secretRef.optional** (boolean)
Specify whether the Secret must be defined
### Volumes
- **volumeMounts** ([]VolumeMount)
*Patch strategy: merge on key `mountPath`*
Pod volumes to mount into the container's filesystem. Cannot be updated.
<a name="VolumeMount"></a>
*VolumeMount describes a mounting of a Volume within a container.*
- **volumeMounts.mountPath** (string), required
Path within the container at which the volume should be mounted. Must not contain ':'.
- **volumeMounts.name** (string), required
This must match the Name of a Volume.
- **volumeMounts.mountPropagation** (string)
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
- **volumeMounts.readOnly** (boolean)
Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
- **volumeMounts.subPath** (string)
Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
- **volumeMounts.subPathExpr** (string)
Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
- **volumeDevices** ([]VolumeDevice)
*Patch strategy: merge on key `devicePath`*
volumeDevices is the list of block devices to be used by the container.
<a name="VolumeDevice"></a>
*volumeDevice describes a mapping of a raw block device within a container.*
- **volumeDevices.devicePath** (string), required
devicePath is the path inside of the container that the device will be mapped to.
- **volumeDevices.name** (string), required
name must match the name of a persistentVolumeClaim in the pod
### Lifecycle
- **terminationMessagePath** (string)
Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
- **terminationMessagePolicy** (string)
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
### Debugging
- **stdin** (boolean)
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
- **stdinOnce** (boolean)
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
- **tty** (boolean)
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
### Not allowed
- **ports** ([]ContainerPort)
Ports are not allowed for ephemeral containers.
<a name="ContainerPort"></a>
*ContainerPort represents a network port in a single container.*
- **ports.containerPort** (int32), required
Number of port to expose on the pod's IP address. This must be a valid port number, 0 \< x \< 65536.
- **ports.hostIP** (string)
What host IP to bind the external port to.
- **ports.hostPort** (int32)
Number of port to expose on the host. If specified, this must be a valid port number, 0 \< x \< 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
- **ports.name** (string)
If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
- **ports.protocol** (string)
Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
- **resources** (ResourceRequirements)
Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
<a name="ResourceRequirements"></a>
*ResourceRequirements describes the compute resource requirements.*
- **resources.limits** (map[string]<a href="{{< ref "../common-definitions/quantity#Quantity" >}}">Quantity</a>)
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- **resources.requests** (map[string]<a href="{{< ref "../common-definitions/quantity#Quantity" >}}">Quantity</a>)
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- **lifecycle** (Lifecycle)
Lifecycle is not allowed for ephemeral containers.
<a name="Lifecycle"></a>
*Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.*
- **lifecycle.postStart** (<a href="{{< ref "../workload-resources/pod-v1#Handler" >}}">Handler</a>)
PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- **lifecycle.preStop** (<a href="{{< ref "../workload-resources/pod-v1#Handler" >}}">Handler</a>)
PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- **livenessProbe** (<a href="{{< ref "../workload-resources/pod-v1#Probe" >}}">Probe</a>)
Probes are not allowed for ephemeral containers.
- **readinessProbe** (<a href="{{< ref "../workload-resources/pod-v1#Probe" >}}">Probe</a>)
Probes are not allowed for ephemeral containers.
- **securityContext** (SecurityContext)
SecurityContext is not allowed for ephemeral containers.
<a name="SecurityContext"></a>
*SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.*
- **securityContext.runAsUser** (int64)
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- **securityContext.runAsNonRoot** (boolean)
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- **securityContext.runAsGroup** (int64)
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- **securityContext.readOnlyRootFilesystem** (boolean)
Whether this container has a read-only root filesystem. Default is false.
- **securityContext.procMount** (string)
procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.
- **securityContext.privileged** (boolean)
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.
- **securityContext.allowPrivilegeEscalation** (boolean)
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
- **securityContext.capabilities** (Capabilities)
The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
<a name="Capabilities"></a>
*Adds and removes POSIX capabilities from running containers.*
- **securityContext.capabilities.add** ([]string)
Added capabilities
- **securityContext.capabilities.drop** ([]string)
Removed capabilities
- **securityContext.seccompProfile** (SeccompProfile)
The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options.
<a name="SeccompProfile"></a>
*SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.*
- **securityContext.seccompProfile.type** (string), required
type indicates which kind of seccomp profile will be applied. Valid options are:
Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
- **securityContext.seccompProfile.localhostProfile** (string)
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
- **securityContext.seLinuxOptions** (SELinuxOptions)
The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
<a name="SELinuxOptions"></a>
*SELinuxOptions are the labels to be applied to the container*
- **securityContext.seLinuxOptions.level** (string)
Level is SELinux level label that applies to the container.
- **securityContext.seLinuxOptions.role** (string)
Role is a SELinux role label that applies to the container.
- **securityContext.seLinuxOptions.type** (string)
Type is a SELinux type label that applies to the container.
- **securityContext.seLinuxOptions.user** (string)
User is a SELinux user label that applies to the container.
- **securityContext.windowsOptions** (WindowsSecurityContextOptions)
The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
<a name="WindowsSecurityContextOptions"></a>
*WindowsSecurityContextOptions contain Windows-specific options and credentials.*
- **securityContext.windowsOptions.gmsaCredentialSpec** (string)
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
- **securityContext.windowsOptions.gmsaCredentialSpecName** (string)
GMSACredentialSpecName is the name of the GMSA credential spec to use.
- **securityContext.windowsOptions.runAsUserName** (string)
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- **startupProbe** (<a href="{{< ref "../workload-resources/pod-v1#Probe" >}}">Probe</a>)
Probes are not allowed for ephemeral containers.
## Operations {#Operations}
<hr>
### `get` read ephemeralcontainers of the specified Pod
#### HTTP Request
GET /api/v1/namespaces/{namespace}/pods/{name}/ephemeralcontainers
#### Parameters
- **name** (*in path*): string, required
name of the EphemeralContainers
- **namespace** (*in path*): string, required
<a href="{{< ref "../common-parameters/common-parameters#namespace" >}}">namespace</a>
- **pretty** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#pretty" >}}">pretty</a>
#### Response
200 (<a href="{{< ref "../workload-resources/ephemeral-containers-v1#EphemeralContainers" >}}">EphemeralContainers</a>): OK
401: Unauthorized
### `update` replace ephemeralcontainers of the specified Pod
#### HTTP Request
PUT /api/v1/namespaces/{namespace}/pods/{name}/ephemeralcontainers
#### Parameters
- **name** (*in path*): string, required
name of the EphemeralContainers
- **namespace** (*in path*): string, required
<a href="{{< ref "../common-parameters/common-parameters#namespace" >}}">namespace</a>
- **body**: <a href="{{< ref "../workload-resources/ephemeral-containers-v1#EphemeralContainers" >}}">EphemeralContainers</a>, required
- **dryRun** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#dryRun" >}}">dryRun</a>
- **fieldManager** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#fieldManager" >}}">fieldManager</a>
- **pretty** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#pretty" >}}">pretty</a>
#### Response
200 (<a href="{{< ref "../workload-resources/ephemeral-containers-v1#EphemeralContainers" >}}">EphemeralContainers</a>): OK
201 (<a href="{{< ref "../workload-resources/ephemeral-containers-v1#EphemeralContainers" >}}">EphemeralContainers</a>): Created
401: Unauthorized
### `patch` partially update ephemeralcontainers of the specified Pod
#### HTTP Request
PATCH /api/v1/namespaces/{namespace}/pods/{name}/ephemeralcontainers
#### Parameters
- **name** (*in path*): string, required
name of the EphemeralContainers
- **namespace** (*in path*): string, required
<a href="{{< ref "../common-parameters/common-parameters#namespace" >}}">namespace</a>
- **body**: <a href="{{< ref "../common-definitions/patch#Patch" >}}">Patch</a>, required
- **dryRun** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#dryRun" >}}">dryRun</a>
- **fieldManager** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#fieldManager" >}}">fieldManager</a>
- **force** (*in query*): boolean
<a href="{{< ref "../common-parameters/common-parameters#force" >}}">force</a>
- **pretty** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#pretty" >}}">pretty</a>
#### Response
200 (<a href="{{< ref "../workload-resources/ephemeral-containers-v1#EphemeralContainers" >}}">EphemeralContainers</a>): OK
401: Unauthorized

6
content/en/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v1.md
View File

@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "configuration of a horizontal pod autoscaler."
title: "HorizontalPodAutoscaler"
weight: 12
weight: 11
auto_generated: true
---
@ -567,6 +567,8 @@ PATCH /apis/autoscaling/v1/namespaces/{namespace}/horizontalpodautoscalers/{name
200 (<a href="{{< ref "../workload-resources/horizontal-pod-autoscaler-v1#HorizontalPodAutoscaler" >}}">HorizontalPodAutoscaler</a>): OK
201 (<a href="{{< ref "../workload-resources/horizontal-pod-autoscaler-v1#HorizontalPodAutoscaler" >}}">HorizontalPodAutoscaler</a>): Created
401: Unauthorized
@ -620,6 +622,8 @@ PATCH /apis/autoscaling/v1/namespaces/{namespace}/horizontalpodautoscalers/{name
200 (<a href="{{< ref "../workload-resources/horizontal-pod-autoscaler-v1#HorizontalPodAutoscaler" >}}">HorizontalPodAutoscaler</a>): OK
201 (<a href="{{< ref "../workload-resources/horizontal-pod-autoscaler-v1#HorizontalPodAutoscaler" >}}">HorizontalPodAutoscaler</a>): Created
401: Unauthorized

6
content/en/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v2beta2.md
View File

@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "HorizontalPodAutoscaler is the configuration for a horizontal pod autoscaler, which automatically manages the replica count of any resource implementing the scale subresource based on the metrics specified."
title: "HorizontalPodAutoscaler v2beta2"
weight: 13
weight: 12
auto_generated: true
---
@ -1119,6 +1119,8 @@ PATCH /apis/autoscaling/v2beta2/namespaces/{namespace}/horizontalpodautoscalers/
200 (<a href="{{< ref "../workload-resources/horizontal-pod-autoscaler-v2beta2#HorizontalPodAutoscaler" >}}">HorizontalPodAutoscaler</a>): OK
201 (<a href="{{< ref "../workload-resources/horizontal-pod-autoscaler-v2beta2#HorizontalPodAutoscaler" >}}">HorizontalPodAutoscaler</a>): Created
401: Unauthorized
@ -1172,6 +1174,8 @@ PATCH /apis/autoscaling/v2beta2/namespaces/{namespace}/horizontalpodautoscalers/
200 (<a href="{{< ref "../workload-resources/horizontal-pod-autoscaler-v2beta2#HorizontalPodAutoscaler" >}}">HorizontalPodAutoscaler</a>): OK
201 (<a href="{{< ref "../workload-resources/horizontal-pod-autoscaler-v2beta2#HorizontalPodAutoscaler" >}}">HorizontalPodAutoscaler</a>): Created
401: Unauthorized

38
content/en/docs/reference/kubernetes-api/workload-resources/job-v1.md
View File

@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "Job represents the configuration of a single job."
title: "Job"
weight: 10
weight: 9
auto_generated: true
---
@ -86,9 +86,9 @@ JobSpec describes how the job execution will look like.
`NonIndexed` means that the Job is considered complete when there have been .spec.completions successfully completed Pods. Each Pod completion is homologous to each other.
`Indexed` means that the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1), available in the annotation batch.kubernetes.io/job-completion-index. The Job is considered complete when there is one successfully completed Pod for each index. When value is `Indexed`, .spec.completions must be specified and `.spec.parallelism` must be less than or equal to 10^5.
`Indexed` means that the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1), available in the annotation batch.kubernetes.io/job-completion-index. The Job is considered complete when there is one successfully completed Pod for each index. When value is `Indexed`, .spec.completions must be specified and `.spec.parallelism` must be less than or equal to 10^5. In addition, The Pod name takes the form `$(job-name)-$(index)-$(random-string)`, the Pod hostname takes the form `$(job-name)-$(index)`.
This field is alpha-level and is only honored by servers that enable the IndexedJob feature gate. More completion modes can be added in the future. If the Job controller observes a mode that it doesn't recognize, the controller skips updates for the Job.
This field is beta-level. More completion modes can be added in the future. If the Job controller observes a mode that it doesn't recognize, the controller skips updates for the Job.
- **backoffLimit** (int32)
@ -104,7 +104,9 @@ JobSpec describes how the job execution will look like.
- **suspend** (boolean)
Suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. This is an alpha field and requires the SuspendJob feature gate to be enabled; otherwise this field may not be set to true. Defaults to false.
Suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false.
This field is beta-level, gated by SuspendJob feature flag (enabled by default).
### Selector
@ -196,6 +198,30 @@ JobStatus represents the current state of a Job.
(brief) reason for the condition's last transition.
- **uncountedTerminatedPods** (UncountedTerminatedPods)
UncountedTerminatedPods holds the UIDs of Pods that have terminated but the job controller hasn't yet accounted for in the status counters.
The job controller creates pods with a finalizer. When a pod terminates (succeeded or failed), the controller does three steps to account for it in the job status: (1) Add the pod UID to the arrays in this field. (2) Remove the pod finalizer. (3) Remove the pod UID from the arrays while increasing the corresponding
counter.
This field is alpha-level. The job controller only makes use of this field when the feature gate PodTrackingWithFinalizers is enabled. Old jobs might not be tracked using this field, in which case the field remains null.
<a name="UncountedTerminatedPods"></a>
*UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't been accounted in Job status counters.*
- **uncountedTerminatedPods.failed** ([]string)
*Set: unique values will be kept during a merge*
Failed holds UIDs of failed Pods.
- **uncountedTerminatedPods.succeeded** ([]string)
*Set: unique values will be kept during a merge*
Succeeded holds UIDs of succeeded Pods.
@ -639,6 +665,8 @@ PATCH /apis/batch/v1/namespaces/{namespace}/jobs/{name}
200 (<a href="{{< ref "../workload-resources/job-v1#Job" >}}">Job</a>): OK
201 (<a href="{{< ref "../workload-resources/job-v1#Job" >}}">Job</a>): Created
401: Unauthorized
@ -692,6 +720,8 @@ PATCH /apis/batch/v1/namespaces/{namespace}/jobs/{name}/status
200 (<a href="{{< ref "../workload-resources/job-v1#Job" >}}">Job</a>): OK
201 (<a href="{{< ref "../workload-resources/job-v1#Job" >}}">Job</a>): Created
401: Unauthorized

4
content/en/docs/reference/kubernetes-api/workload-resources/pod-template-v1.md
View File

@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "PodTemplate describes a template for creating copies of a predefined pod."
title: "PodTemplate"
weight: 3
weight: 2
auto_generated: true
---
@ -424,6 +424,8 @@ PATCH /api/v1/namespaces/{namespace}/podtemplates/{name}
200 (<a href="{{< ref "../workload-resources/pod-template-v1#PodTemplate" >}}">PodTemplate</a>): OK
201 (<a href="{{< ref "../workload-resources/pod-template-v1#PodTemplate" >}}">PodTemplate</a>): Created
401: Unauthorized

602
content/en/docs/reference/kubernetes-api/workload-resources/pod-v1.md
View File

@ -159,7 +159,7 @@ PodSpec is a description of a pod.
- **runtimeClassName** (string)
RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.
RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class This is a beta feature as of Kubernetes v1.14.
- **priorityClassName** (string)
@ -216,7 +216,7 @@ PodSpec is a description of a pod.
- **readinessGates** ([]PodReadinessGate)
If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md
If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
<a name="PodReadinessGate"></a>
*PodReadinessGate contains the reference to a pod condition*
@ -428,6 +428,10 @@ PodSpec is a description of a pod.
GMSACredentialSpecName is the name of the GMSA credential spec to use.
- **securityContext.windowsOptions.hostProcess** (boolean)
HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
- **securityContext.windowsOptions.runAsUserName** (string)
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
@ -441,12 +445,12 @@ PodSpec is a description of a pod.
- **overhead** (map[string]<a href="{{< ref "../common-definitions/quantity#Quantity" >}}">Quantity</a>)
Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.
Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md This field is beta-level as of Kubernetes v1.18, and is only honored by servers that enable the PodOverhead feature.
### Alpha level
- **ephemeralContainers** ([]<a href="{{< ref "../workload-resources/ephemeral-containers-v1#EphemeralContainer" >}}">EphemeralContainer</a>)
- **ephemeralContainers** ([]<a href="{{< ref "../workload-resources/pod-v1#EphemeralContainer" >}}">EphemeralContainer</a>)
*Patch strategy: merge on key `name`*
@ -489,11 +493,11 @@ A single application container that you want to run within a pod.
- **command** ([]string)
Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- **args** ([]string)
Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- **workingDir** (string)
@ -551,7 +555,7 @@ A single application container that you want to run within a pod.
- **env.value** (string)
Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
- **env.valueFrom** (EnvVarSource)
@ -765,7 +769,7 @@ A single application container that you want to run within a pod.
- **securityContext** (SecurityContext)
Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
<a name="SecurityContext"></a>
*SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.*
@ -868,6 +872,10 @@ A single application container that you want to run within a pod.
GMSACredentialSpecName is the name of the GMSA credential spec to use.
- **securityContext.windowsOptions.hostProcess** (boolean)
HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
- **securityContext.windowsOptions.runAsUserName** (string)
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
@ -889,6 +897,432 @@ A single application container that you want to run within a pod.
## EphemeralContainer {#EphemeralContainer}
An EphemeralContainer is a container that may be added temporarily to an existing pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a pod is removed or restarted. If an ephemeral container causes a pod to exceed its resource allocation, the pod may be evicted. Ephemeral containers may not be added by directly updating the pod spec. They must be added via the pod's ephemeralcontainers subresource, and they will appear in the pod spec once added. This is an alpha feature enabled by the EphemeralContainers feature flag.
<hr>
- **name** (string), required
Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.
- **targetContainerName** (string)
If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.
### Image
- **image** (string)
Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
- **imagePullPolicy** (string)
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
### Entrypoint
- **command** ([]string)
Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- **args** ([]string)
Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- **workingDir** (string)
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
### Environment variables
- **env** ([]EnvVar)
*Patch strategy: merge on key `name`*
List of environment variables to set in the container. Cannot be updated.
<a name="EnvVar"></a>
*EnvVar represents an environment variable present in a Container.*
- **env.name** (string), required
Name of the environment variable. Must be a C_IDENTIFIER.
- **env.value** (string)
Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
- **env.valueFrom** (EnvVarSource)
Source for the environment variable's value. Cannot be used if value is not empty.
<a name="EnvVarSource"></a>
*EnvVarSource represents a source for the value of an EnvVar.*
- **env.valueFrom.configMapKeyRef** (ConfigMapKeySelector)
Selects a key of a ConfigMap.
<a name="ConfigMapKeySelector"></a>
*Selects a key from a ConfigMap.*
- **env.valueFrom.configMapKeyRef.key** (string), required
The key to select.
- **env.valueFrom.configMapKeyRef.name** (string)
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- **env.valueFrom.configMapKeyRef.optional** (boolean)
Specify whether the ConfigMap or its key must be defined
- **env.valueFrom.fieldRef** (<a href="{{< ref "../common-definitions/object-field-selector#ObjectFieldSelector" >}}">ObjectFieldSelector</a>)
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\<KEY>']`, `metadata.annotations['\<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- **env.valueFrom.resourceFieldRef** (<a href="{{< ref "../common-definitions/resource-field-selector#ResourceFieldSelector" >}}">ResourceFieldSelector</a>)
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- **env.valueFrom.secretKeyRef** (SecretKeySelector)
Selects a key of a secret in the pod's namespace
<a name="SecretKeySelector"></a>
*SecretKeySelector selects a key of a Secret.*
- **env.valueFrom.secretKeyRef.key** (string), required
The key of the secret to select from. Must be a valid secret key.
- **env.valueFrom.secretKeyRef.name** (string)
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- **env.valueFrom.secretKeyRef.optional** (boolean)
Specify whether the Secret or its key must be defined
- **envFrom** ([]EnvFromSource)
List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
<a name="EnvFromSource"></a>
*EnvFromSource represents the source of a set of ConfigMaps*
- **envFrom.configMapRef** (ConfigMapEnvSource)
The ConfigMap to select from
<a name="ConfigMapEnvSource"></a>
*ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.*
- **envFrom.configMapRef.name** (string)
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- **envFrom.configMapRef.optional** (boolean)
Specify whether the ConfigMap must be defined
- **envFrom.prefix** (string)
An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
- **envFrom.secretRef** (SecretEnvSource)
The Secret to select from
<a name="SecretEnvSource"></a>
*SecretEnvSource selects a Secret to populate the environment variables with.
The contents of the target Secret's Data field will represent the key-value pairs as environment variables.*
- **envFrom.secretRef.name** (string)
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- **envFrom.secretRef.optional** (boolean)
Specify whether the Secret must be defined
### Volumes
- **volumeMounts** ([]VolumeMount)
*Patch strategy: merge on key `mountPath`*
Pod volumes to mount into the container's filesystem. Cannot be updated.
<a name="VolumeMount"></a>
*VolumeMount describes a mounting of a Volume within a container.*
- **volumeMounts.mountPath** (string), required
Path within the container at which the volume should be mounted. Must not contain ':'.
- **volumeMounts.name** (string), required
This must match the Name of a Volume.
- **volumeMounts.mountPropagation** (string)
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
- **volumeMounts.readOnly** (boolean)
Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
- **volumeMounts.subPath** (string)
Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
- **volumeMounts.subPathExpr** (string)
Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
- **volumeDevices** ([]VolumeDevice)
*Patch strategy: merge on key `devicePath`*
volumeDevices is the list of block devices to be used by the container.
<a name="VolumeDevice"></a>
*volumeDevice describes a mapping of a raw block device within a container.*
- **volumeDevices.devicePath** (string), required
devicePath is the path inside of the container that the device will be mapped to.
- **volumeDevices.name** (string), required
name must match the name of a persistentVolumeClaim in the pod
### Lifecycle
- **terminationMessagePath** (string)
Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
- **terminationMessagePolicy** (string)
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
### Debugging
- **stdin** (boolean)
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
- **stdinOnce** (boolean)
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
- **tty** (boolean)
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
### Not allowed
- **ports** ([]ContainerPort)
Ports are not allowed for ephemeral containers.
<a name="ContainerPort"></a>
*ContainerPort represents a network port in a single container.*
- **ports.containerPort** (int32), required
Number of port to expose on the pod's IP address. This must be a valid port number, 0 \< x \< 65536.
- **ports.hostIP** (string)
What host IP to bind the external port to.
- **ports.hostPort** (int32)
Number of port to expose on the host. If specified, this must be a valid port number, 0 \< x \< 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
- **ports.name** (string)
If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
- **ports.protocol** (string)
Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
- **resources** (ResourceRequirements)
Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
<a name="ResourceRequirements"></a>
*ResourceRequirements describes the compute resource requirements.*
- **resources.limits** (map[string]<a href="{{< ref "../common-definitions/quantity#Quantity" >}}">Quantity</a>)
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- **resources.requests** (map[string]<a href="{{< ref "../common-definitions/quantity#Quantity" >}}">Quantity</a>)
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- **lifecycle** (Lifecycle)
Lifecycle is not allowed for ephemeral containers.
<a name="Lifecycle"></a>
*Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.*
- **lifecycle.postStart** (<a href="{{< ref "../workload-resources/pod-v1#Handler" >}}">Handler</a>)
PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- **lifecycle.preStop** (<a href="{{< ref "../workload-resources/pod-v1#Handler" >}}">Handler</a>)
PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- **livenessProbe** (<a href="{{< ref "../workload-resources/pod-v1#Probe" >}}">Probe</a>)
Probes are not allowed for ephemeral containers.
- **readinessProbe** (<a href="{{< ref "../workload-resources/pod-v1#Probe" >}}">Probe</a>)
Probes are not allowed for ephemeral containers.
- **securityContext** (SecurityContext)
Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
<a name="SecurityContext"></a>
*SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.*
- **securityContext.runAsUser** (int64)
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- **securityContext.runAsNonRoot** (boolean)
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- **securityContext.runAsGroup** (int64)
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- **securityContext.readOnlyRootFilesystem** (boolean)
Whether this container has a read-only root filesystem. Default is false.
- **securityContext.procMount** (string)
procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.
- **securityContext.privileged** (boolean)
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.
- **securityContext.allowPrivilegeEscalation** (boolean)
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
- **securityContext.capabilities** (Capabilities)
The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
<a name="Capabilities"></a>
*Adds and removes POSIX capabilities from running containers.*
- **securityContext.capabilities.add** ([]string)
Added capabilities
- **securityContext.capabilities.drop** ([]string)
Removed capabilities
- **securityContext.seccompProfile** (SeccompProfile)
The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options.
<a name="SeccompProfile"></a>
*SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.*
- **securityContext.seccompProfile.type** (string), required
type indicates which kind of seccomp profile will be applied. Valid options are:
Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
- **securityContext.seccompProfile.localhostProfile** (string)
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
- **securityContext.seLinuxOptions** (SELinuxOptions)
The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
<a name="SELinuxOptions"></a>
*SELinuxOptions are the labels to be applied to the container*
- **securityContext.seLinuxOptions.level** (string)
Level is SELinux level label that applies to the container.
- **securityContext.seLinuxOptions.role** (string)
Role is a SELinux role label that applies to the container.
- **securityContext.seLinuxOptions.type** (string)
Type is a SELinux type label that applies to the container.
- **securityContext.seLinuxOptions.user** (string)
User is a SELinux user label that applies to the container.
- **securityContext.windowsOptions** (WindowsSecurityContextOptions)
The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
<a name="WindowsSecurityContextOptions"></a>
*WindowsSecurityContextOptions contain Windows-specific options and credentials.*
- **securityContext.windowsOptions.gmsaCredentialSpec** (string)
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
- **securityContext.windowsOptions.gmsaCredentialSpecName** (string)
GMSACredentialSpecName is the name of the GMSA credential spec to use.
- **securityContext.windowsOptions.hostProcess** (boolean)
HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
- **securityContext.windowsOptions.runAsUserName** (string)
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- **startupProbe** (<a href="{{< ref "../workload-resources/pod-v1#Probe" >}}">Probe</a>)
Probes are not allowed for ephemeral containers.
## Handler {#Handler}
Handler defines a specific action that should be taken
@ -1057,7 +1491,7 @@ Pod affinity is a group of inter pod affinity scheduling rules.
- **preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector** (<a href="{{< ref "../common-definitions/label-selector#LabelSelector" >}}">LabelSelector</a>)
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
- **preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaces** ([]string)
@ -1084,7 +1518,7 @@ Pod affinity is a group of inter pod affinity scheduling rules.
- **requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector** (<a href="{{< ref "../common-definitions/label-selector#LabelSelector" >}}">LabelSelector</a>)
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
- **requiredDuringSchedulingIgnoredDuringExecution.namespaces** ([]string)
@ -1124,7 +1558,7 @@ Pod anti affinity is a group of inter pod anti affinity scheduling rules.
- **preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector** (<a href="{{< ref "../common-definitions/label-selector#LabelSelector" >}}">LabelSelector</a>)
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
- **preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaces** ([]string)
@ -1151,7 +1585,7 @@ Pod anti affinity is a group of inter pod anti affinity scheduling rules.
- **requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector** (<a href="{{< ref "../common-definitions/label-selector#LabelSelector" >}}">LabelSelector</a>)
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
- **requiredDuringSchedulingIgnoredDuringExecution.namespaces** ([]string)
@ -1243,7 +1677,7 @@ Probe describes a health check to be performed against a container to determine
- **terminationGracePeriodSeconds** (int64)
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate.
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- **periodSeconds** (int32)
@ -1996,6 +2430,39 @@ GET /api/v1/namespaces/{namespace}/pods/{name}
#### Response
200 (<a href="{{< ref "../workload-resources/pod-v1#Pod" >}}">Pod</a>): OK
401: Unauthorized
### `get` read ephemeralcontainers of the specified Pod
#### HTTP Request
GET /api/v1/namespaces/{namespace}/pods/{name}/ephemeralcontainers
#### Parameters
- **name** (*in path*): string, required
name of the Pod
- **namespace** (*in path*): string, required
<a href="{{< ref "../common-parameters/common-parameters#namespace" >}}">namespace</a>
- **pretty** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#pretty" >}}">pretty</a>
#### Response
@ -2322,6 +2789,56 @@ PUT /api/v1/namespaces/{namespace}/pods/{name}
- **dryRun** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#dryRun" >}}">dryRun</a>
- **fieldManager** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#fieldManager" >}}">fieldManager</a>
- **pretty** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#pretty" >}}">pretty</a>
#### Response
200 (<a href="{{< ref "../workload-resources/pod-v1#Pod" >}}">Pod</a>): OK
201 (<a href="{{< ref "../workload-resources/pod-v1#Pod" >}}">Pod</a>): Created
401: Unauthorized
### `update` replace ephemeralcontainers of the specified Pod
#### HTTP Request
PUT /api/v1/namespaces/{namespace}/pods/{name}/ephemeralcontainers
#### Parameters
- **name** (*in path*): string, required
name of the Pod
- **namespace** (*in path*): string, required
<a href="{{< ref "../common-parameters/common-parameters#namespace" >}}">namespace</a>
- **body**: <a href="{{< ref "../workload-resources/pod-v1#Pod" >}}">Pod</a>, required
- **dryRun** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#dryRun" >}}">dryRun</a>
@ -2448,6 +2965,63 @@ PATCH /api/v1/namespaces/{namespace}/pods/{name}
200 (<a href="{{< ref "../workload-resources/pod-v1#Pod" >}}">Pod</a>): OK
201 (<a href="{{< ref "../workload-resources/pod-v1#Pod" >}}">Pod</a>): Created
401: Unauthorized
### `patch` partially update ephemeralcontainers of the specified Pod
#### HTTP Request
PATCH /api/v1/namespaces/{namespace}/pods/{name}/ephemeralcontainers
#### Parameters
- **name** (*in path*): string, required
name of the Pod
- **namespace** (*in path*): string, required
<a href="{{< ref "../common-parameters/common-parameters#namespace" >}}">namespace</a>
- **body**: <a href="{{< ref "../common-definitions/patch#Patch" >}}">Patch</a>, required
- **dryRun** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#dryRun" >}}">dryRun</a>
- **fieldManager** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#fieldManager" >}}">fieldManager</a>
- **force** (*in query*): boolean
<a href="{{< ref "../common-parameters/common-parameters#force" >}}">force</a>
- **pretty** (*in query*): string
<a href="{{< ref "../common-parameters/common-parameters#pretty" >}}">pretty</a>
#### Response
200 (<a href="{{< ref "../workload-resources/pod-v1#Pod" >}}">Pod</a>): OK
201 (<a href="{{< ref "../workload-resources/pod-v1#Pod" >}}">Pod</a>): Created
401: Unauthorized
@ -2501,6 +3075,8 @@ PATCH /api/v1/namespaces/{namespace}/pods/{name}/status
200 (<a href="{{< ref "../workload-resources/pod-v1#Pod" >}}">Pod</a>): OK
201 (<a href="{{< ref "../workload-resources/pod-v1#Pod" >}}">Pod</a>): Created
401: Unauthorized

4
content/en/docs/reference/kubernetes-api/workload-resources/priority-class-v1.md
View File

@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "PriorityClass defines mapping from a priority class name to the priority integer value."
title: "PriorityClass"
weight: 14
weight: 13
auto_generated: true
---
@ -325,6 +325,8 @@ PATCH /apis/scheduling.k8s.io/v1/priorityclasses/{name}
200 (<a href="{{< ref "../workload-resources/priority-class-v1#PriorityClass" >}}">PriorityClass</a>): OK
201 (<a href="{{< ref "../workload-resources/priority-class-v1#PriorityClass" >}}">PriorityClass</a>): Created
401: Unauthorized

6
content/en/docs/reference/kubernetes-api/workload-resources/replica-set-v1.md
View File

@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "ReplicaSet ensures that a specified number of pod replicas are running at any given time."
title: "ReplicaSet"
weight: 5
weight: 4
auto_generated: true
---
@ -581,6 +581,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/replicasets/{name}
200 (<a href="{{< ref "../workload-resources/replica-set-v1#ReplicaSet" >}}">ReplicaSet</a>): OK
201 (<a href="{{< ref "../workload-resources/replica-set-v1#ReplicaSet" >}}">ReplicaSet</a>): Created
401: Unauthorized
@ -634,6 +636,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/replicasets/{name}/status
200 (<a href="{{< ref "../workload-resources/replica-set-v1#ReplicaSet" >}}">ReplicaSet</a>): OK
201 (<a href="{{< ref "../workload-resources/replica-set-v1#ReplicaSet" >}}">ReplicaSet</a>): Created
401: Unauthorized

6
content/en/docs/reference/kubernetes-api/workload-resources/replication-controller-v1.md
View File

@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "ReplicationController represents the configuration of a replication controller."
title: "ReplicationController"
weight: 4
weight: 3
auto_generated: true
---
@ -581,6 +581,8 @@ PATCH /api/v1/namespaces/{namespace}/replicationcontrollers/{name}
200 (<a href="{{< ref "../workload-resources/replication-controller-v1#ReplicationController" >}}">ReplicationController</a>): OK
201 (<a href="{{< ref "../workload-resources/replication-controller-v1#ReplicationController" >}}">ReplicationController</a>): Created
401: Unauthorized
@ -634,6 +636,8 @@ PATCH /api/v1/namespaces/{namespace}/replicationcontrollers/{name}/status
200 (<a href="{{< ref "../workload-resources/replication-controller-v1#ReplicationController" >}}">ReplicationController</a>): OK
201 (<a href="{{< ref "../workload-resources/replication-controller-v1#ReplicationController" >}}">ReplicationController</a>): Created
401: Unauthorized

17
content/en/docs/reference/kubernetes-api/workload-resources/stateful-set-v1.md
View File

@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "StatefulSet represents a set of pods with consistent identities."
title: "StatefulSet"
weight: 7
weight: 6
auto_generated: true
---
@ -43,6 +43,7 @@ The StatefulSet guarantees that a given network identity will always map to the
- **metadata** (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta</a>)
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (<a href="{{< ref "../workload-resources/stateful-set-v1#StatefulSetSpec" >}}">StatefulSetSpec</a>)
@ -112,6 +113,10 @@ A StatefulSetSpec is the specification of a StatefulSet.
volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) volumeMount in one container in the template. A claim in this list takes precedence over any volumes in the template, with the same name.
- **minReadySeconds** (int32)
Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate.
@ -138,6 +143,10 @@ StatefulSetStatus represents the current state of a StatefulSet.
updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version indicated by updateRevision.
- **availableReplicas** (int32)
Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset. This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate. Remove omitempty when graduating to beta
- **collisionCount** (int32)
collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.
@ -204,9 +213,11 @@ StatefulSetList is a collection of StatefulSets.
- **metadata** (<a href="{{< ref "../common-definitions/list-meta#ListMeta" >}}">ListMeta</a>)
Standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **items** ([]<a href="{{< ref "../workload-resources/stateful-set-v1#StatefulSet" >}}">StatefulSet</a>), required
Items is the list of stateful sets.
@ -627,6 +638,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}
200 (<a href="{{< ref "../workload-resources/stateful-set-v1#StatefulSet" >}}">StatefulSet</a>): OK
201 (<a href="{{< ref "../workload-resources/stateful-set-v1#StatefulSet" >}}">StatefulSet</a>): Created
401: Unauthorized
@ -680,6 +693,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}/status
200 (<a href="{{< ref "../workload-resources/stateful-set-v1#StatefulSet" >}}">StatefulSet</a>): OK
201 (<a href="{{< ref "../workload-resources/stateful-set-v1#StatefulSet" >}}">StatefulSet</a>): Created
401: Unauthorized